From cvs at cvs.gnupg.org Mon May 2 02:28:39 2005 From: cvs at cvs.gnupg.org (cvs user dshaw) Date: Mon May 2 02:28:43 2005 Subject: gnupg/keyserver (ChangeLog gpgkeys_hkp.c gpgkeys_oldhkp.c ksutil.h) Message-ID: Date: Monday, May 2, 2005 @ 02:46:39 Author: dshaw Path: /cvs/gnupg/gnupg/keyserver Modified: ChangeLog gpgkeys_hkp.c gpgkeys_oldhkp.c ksutil.h * gpgkeys_hkp.c, gpgkeys_oldhkp.c, ksutil.h: Some minor cleanup and comments as to the size of MAX_LINE and MAX_URL. ------------------+ ChangeLog | 5 +++++ gpgkeys_hkp.c | 12 +++++++++--- gpgkeys_oldhkp.c | 4 ++++ ksutil.h | 12 +++++------- 4 files changed, 23 insertions(+), 10 deletions(-) Index: gnupg/keyserver/ChangeLog diff -u gnupg/keyserver/ChangeLog:1.125 gnupg/keyserver/ChangeLog:1.126 --- gnupg/keyserver/ChangeLog:1.125 Sun Apr 17 04:18:32 2005 +++ gnupg/keyserver/ChangeLog Mon May 2 02:46:39 2005 @@ -1,3 +1,8 @@ +2005-05-01 David Shaw + + * gpgkeys_hkp.c, gpgkeys_oldhkp.c, ksutil.h: Some minor cleanup + and comments as to the size of MAX_LINE and MAX_URL. + 2005-04-16 David Shaw * gpgkeys_hkp.c: New hkp handler that uses curl or curl-shim. Index: gnupg/keyserver/gpgkeys_hkp.c diff -u gnupg/keyserver/gpgkeys_hkp.c:1.51 gnupg/keyserver/gpgkeys_hkp.c:1.52 --- gnupg/keyserver/gpgkeys_hkp.c:1.51 Sun Apr 17 04:18:32 2005 +++ gnupg/keyserver/gpgkeys_hkp.c Mon May 2 02:46:39 2005 @@ -72,7 +72,7 @@ send_key(int *eof) { CURLcode res; - char request[MAX_URL+100]; + char request[MAX_URL]; int begin=0,end=0,ret=KEYSERVER_INTERNAL_ERROR; char keyid[17]; char line[MAX_LINE]; @@ -80,7 +80,6 @@ size_t keylen=8,keymax=8; key=malloc(9); - strcpy(key,"keytext="); if(!key) { fprintf(console,"gpgkeys: out of memory\n"); @@ -88,6 +87,8 @@ goto fail; } + strcpy(key,"keytext="); + /* Read and throw away input until we see the BEGIN */ while(fgets(line,MAX_LINE,input)!=NULL) 
@@ -216,6 +217,9 @@ return KEYSERVER_NOT_SUPPORTED; } + /* Note that the size of request is MAX_URL which already implies a + 1024 byte PATH. MAX_URL+100 is absurdly safe. */ + strcpy(request,"http://"); strcat(request,opt->host); strcat(request,":"); @@ -273,7 +277,9 @@ searchkey_encoded=curl_escape(searchkey,0); - request=malloc(MAX_URL+100+strlen(searchkey_encoded)); + /* Note that MAX_URL already implies a 1024 byte PATH, so this is + safe. */ + request=malloc(MAX_URL+strlen(searchkey_encoded)); if(!request) { fprintf(console,"gpgkeys: out of memory\n"); Index: gnupg/keyserver/gpgkeys_oldhkp.c diff -u gnupg/keyserver/gpgkeys_oldhkp.c:1.1 gnupg/keyserver/gpgkeys_oldhkp.c:1.2 --- gnupg/keyserver/gpgkeys_oldhkp.c:1.1 Sat Apr 16 20:50:46 2005 +++ gnupg/keyserver/gpgkeys_oldhkp.c Mon May 2 02:46:39 2005 @@ -37,6 +37,10 @@ #include "keyserver.h" #include "ksutil.h" +#define GET 0 +#define SEND 1 +#define SEARCH 2 + extern char *optarg; extern int optind; Index: gnupg/keyserver/ksutil.h diff -u gnupg/keyserver/ksutil.h:1.10 gnupg/keyserver/ksutil.h:1.11 --- gnupg/keyserver/ksutil.h:1.10 Sun Apr 17 03:52:04 2005 +++ gnupg/keyserver/ksutil.h Mon May 2 02:46:39 2005 @@ -27,13 +27,11 @@ #include #endif -#define GET 0 -#define SEND 1 -#define SEARCH 2 - -/* MAX_LINE must be 1 larger than the largest item we expect to - receive. */ -#define MAX_LINE 1080 +/* MAX_LINE must be at least 1 larger than the largest item we expect + to receive, including the name tag ("COMMAND", "PORT", etc) and + space between. In practice, that means it should be + strlen("OPAQUE")+1+sizeof_opaque+1 */ +#define MAX_LINE (6+1+1024+1) #define MAX_COMMAND 6 #define MAX_OPTION 256 From cvs at cvs.gnupg.org Wed May 4 00:08:57 2005 
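Review bot: The `strcpy`/`strcat` chain that fills `request` here is unbounded, and this same commit shrinks the buffer in `send_key` from `MAX_URL+100` to `MAX_URL`. The writes stay in range only if scheme, host, port and path are each capped at the sizes folded into MAX_URL, and that enforcement (option parsing) is not visible in this diff. The new comment's "MAX_URL+100 is absurdly safe" also no longer matches a buffer declared as `MAX_URL`. I would build the URL with a single `snprintf(request,sizeof(request),...)` and treat a return value `>= sizeof(request)` as an error, so an overflow cannot appear if one of those limits changes later. The rest of the URL construction continues outside the hunk.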
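Review bot: `searchkey_encoded` goes straight into `strlen()` in the new `malloc` size with no NULL check between the two statements, and `curl_escape()` returns NULL when it cannot allocate. Add `if(!searchkey_encoded)` right after the call and handle it like the existing `if(!request)` out-of-memory branch just below. The new comment should also say that the `strlen(searchkey_encoded)` term accounts for the already-escaped search string, since that is what makes the size safe.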
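Review bot: `MAX_LINE` is now spelled as bare literals, `(6+1+1024+1)`, so its link to the tag length and the opaque-field size exists only in the comment and will drift if either limit changes. Naming the 1024 (for example a `MAX_OPAQUE`-style macro, if one does not already exist elsewhere in the header) and deriving `MAX_LINE` from it would keep them tied together. The value also drops from 1080 to 1032. Callers such as `send_key` read with `fgets(line,MAX_LINE,input)`, so a longer input line is split across reads rather than rejected, and it is worth confirming the parsers tolerate the continuation fragment.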
From: cvs at cvs.gnupg.org (cvs user wk) Date: Wed May 4 00:09:00 2005 Subject: gnupg/g10 (8 files) Message-ID: Date: Wednesday, May 4, 2005 @ 00:27:07 Author: wk Path: /cvs/gnupg/gnupg/g10 Modified: ChangeLog card-util.c cardglue.c cardglue.h keydb.h passphrase.c seckey-cert.c sign.c * passphrase.c (agent_get_passphrase): Add new arg CACHEID. Changed all callers. (ask_passphrase): Add new arg CACHEID and use it in agent mode. Changed all callers. (passphrase_clear_cache): New arg CACHEID. Changed all callers. * cardglue.c (format_cacheid): New. (pin_cb): Compute a cache ID. (agent_scd_pksign, agent_scd_pkdecrypt): Use it. (agent_clear_pin_cache): New. * card-util.c (change_pin): Clear the PIN cache. (check_pin_for_key_operation): Ditto. ---------------+ ChangeLog | 19 ++++++++++ card-util.c | 4 ++ cardglue.c | 97 +++++++++++++++++++++++++++++++++++++++++++++++++++----- cardglue.h | 4 ++ keydb.h | 5 +- passphrase.c | 71 +++++++++++++++++++++++++++------------- seckey-cert.c | 4 +- sign.c | 4 ++ 8 files changed, 174 insertions(+), 34 deletions(-) Index: gnupg/g10/ChangeLog diff -u gnupg/g10/ChangeLog:1.726 gnupg/g10/ChangeLog:1.727 --- gnupg/g10/ChangeLog:1.726 Sun Apr 24 20:35:30 2005 +++ gnupg/g10/ChangeLog Wed May 4 00:27:07 2005 @@ -1,3 +1,17 @@ +2005-05-03 Werner Koch + + * passphrase.c (agent_get_passphrase): Add new arg CACHEID. + Changed all callers. + (ask_passphrase): Add new arg CACHEID and use it in agent mode. + Changed all callers. + (passphrase_clear_cache): New arg CACHEID. Changed all callers. + * cardglue.c (format_cacheid): New. + (pin_cb): Compute a cache ID. + (agent_scd_pksign, agent_scd_pkdecrypt): Use it. + (agent_clear_pin_cache): New. + * card-util.c (change_pin): Clear the PIN cache. + (check_pin_for_key_operation): Ditto. + 2005-04-24 David Shaw * trustdb.h, trustdb.c (mark_usable_uid_certs): Add flags for the 
@@ -24,6 +38,11 @@ here. We'll fail quite happily later, and usually with a better error message to boot. +2005-04-20 Werner Koch + + * sign.c (sign_file, sign_symencrypt_file): Allow for hash + debugging. + 2005-04-16 David Shaw * keyserver.c (keyserver_spawn): Free some memory. Index: gnupg/g10/card-util.c diff -u gnupg/g10/card-util.c:1.33 gnupg/g10/card-util.c:1.34 --- gnupg/g10/card-util.c:1.33 Thu Apr 7 10:31:23 2005 +++ gnupg/g10/card-util.c Wed May 4 00:27:07 2005 @@ -67,6 +67,8 @@ log_info (_("OpenPGP card no. %s detected\n"), info.serialno? info.serialno : "[none]"); + agent_clear_pin_cache (info.serialno); + agent_release_card_info (&info); if (opt.batch) @@ -950,6 +952,8 @@ { int rc = 0; + agent_clear_pin_cache (info->serialno); + *forced_chv1 = !info->chv1_cached; if (*forced_chv1) { /* Switch of the forced mode so that during key generation we Index: gnupg/g10/cardglue.c diff -u gnupg/g10/cardglue.c:1.25 gnupg/g10/cardglue.c:1.26 --- gnupg/g10/cardglue.c:1.25 Wed Mar 30 12:39:13 2005 +++ gnupg/g10/cardglue.c Wed May 4 00:27:07 2005 @@ -43,12 +43,19 @@ #include "apdu.h" #include "app-common.h" -struct ctrl_ctx_s { +struct ctrl_ctx_s +{ int (*status_cb)(void *opaque, const char *line); void *status_cb_arg; }; +struct pincb_parm_s +{ + const char *sn; +}; + + static char *default_reader_port; static APP current_app; 
@@ -334,6 +341,39 @@ } +/* Format a cache ID from the serialnumber in SN and return it as an + allocated string. In case of an error NULL is returned. */ +static char * +format_cacheid (const char *sn) +{ + const char *s; + size_t snlen; + char *cacheid = NULL; + + /* The serialnumber we use for a card is "CARDSN:serialno". Where + serialno is the BCD string (i.e. hex string) with the full + number. The serial number expect here constsis of hexdigits + followed by other characters, we cut off these other + characters. */ + if (sn) + { + for (s=sn,snlen=0; hexdigitp (s); s++, snlen++) + ; + if (snlen == 32) + { + /* Yes, this looks indeed like an OpenPGP card S/N. */ + cacheid = xtrymalloc (7+snlen+1); + if (cacheid) + { + memcpy (cacheid, "CARDSN:", 7); + memcpy (cacheid+7, sn, snlen); + cacheid[7+snlen] = 0; + } + } + } + return cacheid; +} + /* Check that the serial number of the current card (as described by APP) matches SERIALNO. If there is no match and we are not in batch mode, present a prompt to insert the desired card. The @@ -651,12 +691,14 @@ static int pin_cb (void *opaque, const char *info, char **retstr) { + struct pincb_parm_s *parm = opaque; char *value; int canceled; int isadmin = 0; int newpin = 0; const char *again_text = NULL; const char *ends, *s; + char *cacheid = NULL; *retstr = NULL; /* log_debug ("asking for PIN '%s'\n", info); */ @@ -674,9 +716,23 @@ } info = ends+1; } - else + else if (info && *info == '|') log_debug ("pin_cb called without proper PIN info hack\n"); + /* If we are not requesting a new PIN and we are not requesting an + AdminPIN, compute a string to be used as the cacheID for + gpg-agent. */ + if (!newpin && !isadmin && parm) + { + cacheid = format_cacheid (parm->sn); + } + else if (newpin && parm) + { + /* Make really sure that it is not cached anymore. */ + agent_clear_pin_cache (parm->sn); + } + + again: if (is_status_enabled()) write_status_text (STATUS_NEED_PASSPHRASE_PIN, 
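Review bot: `format_cacheid` returns NULL both when `xtrymalloc` fails and when SN is NULL or does not start with exactly 32 hex digits, but its header comment only says "In case of an error NULL is returned". Callers therefore cannot tell "this card gets no cache ID" from "out of memory". I would extend the comment to something like `/* Returns NULL if SN is NULL, does not begin with exactly 32 hex digits, or on allocation failure. */` and fix the "expect here constsis" typo. The literals `7` and `32` would read better as `strlen ("CARDSN:")` and a named constant for the serial-number length.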
@@ -691,7 +747,10 @@ newpin? _("Enter New PIN: ") : isadmin? _("Enter Admin PIN: ") : _("Enter PIN: "), + cacheid, &canceled); + xfree (cacheid); + cacheid = NULL; again_text = NULL; if (!value && canceled) return -1; @@ -702,7 +761,7 @@ { char *value2; - value2 = ask_passphrase (info, NULL, + value2 = ask_passphrase (info, NULL, NULL, "passphrase.pin.repeat", _("Repeat this PIN: "), &canceled); @@ -837,11 +896,14 @@ const unsigned char *indata, size_t indatalen, unsigned char **r_buf, size_t *r_buflen) { + struct pincb_parm_s parm; APP app; int rc; *r_buf = NULL; *r_buflen = 0; + memset (&parm, 0, sizeof parm); + parm.sn = serialno; retry: app = current_app? current_app : open_card (); if (!app) @@ -854,11 +916,14 @@ if (!rc) rc = app->fnc.sign (app, serialno, hashalgo, - pin_cb, NULL, + pin_cb, &parm, indata, indatalen, r_buf, r_buflen); if (rc) - write_status (STATUS_SC_OP_FAILURE); + { + write_status (STATUS_SC_OP_FAILURE); + agent_clear_pin_cache (serialno); + } return rc; } @@ -869,11 +934,14 @@ const unsigned char *indata, size_t indatalen, unsigned char **r_buf, size_t *r_buflen) { + struct pincb_parm_s parm; APP app; int rc; *r_buf = NULL; *r_buflen = 0; + memset (&parm, 0, sizeof parm); + parm.sn = serialno; retry: app = current_app? current_app : open_card (); if (!app) @@ -886,11 +954,14 @@ if (!rc) rc = app->fnc.decipher (app, serialno, - pin_cb, NULL, + pin_cb, &parm, indata, indatalen, r_buf, r_buflen); if (rc) - write_status (STATUS_SC_OP_FAILURE); + { + write_status (STATUS_SC_OP_FAILURE); + agent_clear_pin_cache (serialno); + } return rc; } 
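Review bot: The NULL added to the `ask_passphrase` call for the PIN repeat prompt is in the wrong position. The prototype this commit introduces in keydb.h is `(description, tryagain_text, promptid, prompt, cacheid, canceled)`, so `ask_passphrase (info, NULL, NULL, "passphrase.pin.repeat", _("Repeat this PIN: "), &canceled)` passes NULL as promptid, the prompt-id string as the prompt, and the translated prompt text as the cache ID. All three are `const char *`, so the compiler accepts it, and in agent mode the repeated new PIN would be requested under a cache ID made of that prompt text. The call should read `ask_passphrase (info, NULL, "passphrase.pin.repeat", _("Repeat this PIN: "), NULL, &canceled)`.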
@@ -960,3 +1031,15 @@ write_status (STATUS_SC_OP_FAILURE); return rc; } + + +void +agent_clear_pin_cache (const char *sn) +{ + char *cacheid = format_cacheid (sn); + if (cacheid) + { + passphrase_clear_cache (NULL, cacheid, 0); + xfree (cacheid); + } +} Index: gnupg/g10/cardglue.h diff -u gnupg/g10/cardglue.h:1.13 gnupg/g10/cardglue.h:1.14 --- gnupg/g10/cardglue.h:1.13 Fri Dec 10 11:49:14 2004 +++ gnupg/g10/cardglue.h Wed May 4 00:27:07 2005 @@ -194,6 +194,10 @@ const unsigned char *m, size_t mlen, const unsigned char *e, size_t elen); +/* Clear a cached PIN. */ +void agent_clear_pin_cache (const char *sn); + + #endif /*ENABLE_CARD_SUPPORT*/ #endif /*GNUPG_G10_CARDGLUE_H*/ Index: gnupg/g10/keydb.h diff -u gnupg/g10/keydb.h:1.88 gnupg/g10/keydb.h:1.89 --- gnupg/g10/keydb.h:1.88 Thu Jan 20 18:21:40 2005 +++ gnupg/g10/keydb.h Wed May 4 00:27:07 2005 @@ -186,11 +186,12 @@ /*-- passphrase.h --*/ int have_static_passphrase(void); void read_passphrase_from_fd( int fd ); -void passphrase_clear_cache ( u32 *keyid, int algo ); +void passphrase_clear_cache ( u32 *keyid, const char *cacheid, int algo ); char *ask_passphrase (const char *description, const char *tryagain_text, const char *promptid, - const char *prompt, int *canceled); + const char *prompt, + const char *cacheid, int *canceled); DEK *passphrase_to_dek( u32 *keyid, int pubkey_algo, int cipher_algo, STRING2KEY *s2k, int mode, const char *tryagain_text, int *canceled); Index: gnupg/g10/passphrase.c diff -u gnupg/g10/passphrase.c:1.77 gnupg/g10/passphrase.c:1.78 --- gnupg/g10/passphrase.c:1.77 Tue Apr 5 19:09:12 2005 +++ gnupg/g10/passphrase.c Wed May 4 00:27:07 2005 
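Review bot: `agent_clear_pin_cache` silently does nothing when `format_cacheid` returns NULL, and that helper returns NULL on `xtrymalloc` failure as well as for a serial number it does not recognise. In the allocation-failure case, a PIN the callers meant to evict (after a failed sign or decrypt, or before a PIN change) stays cached in gpg-agent with no trace. The function should at least log when a non-NULL SN could not be turned into a cache ID, e.g. an `else if (sn)` branch calling `log_info`. The definition also has no comment; something like `/* Ask gpg-agent to drop the cached PIN for the card with serial number SN; no-op if SN yields no cache ID. */` would document the contract next to the code.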
@@ -425,10 +425,13 @@ * * Note that TRYAGAIN_TEXT must not be translated. If canceled is not * NULL, the function does set it to 1 if the user canceled the - * operation. + * operation. If CACHEID is not NULL, it will be used as the cacheID + * for the gpg-agent; if is NULL and a key fingerprint can be + * computed, this will be used as the cacheid. */ static char * -agent_get_passphrase ( u32 *keyid, int mode, const char *tryagain_text, +agent_get_passphrase ( u32 *keyid, int mode, const char *cacheid, + const char *tryagain_text, const char *custom_description, const char *custom_prompt, int *canceled) { @@ -545,11 +548,16 @@ line = xmalloc (15 + 46 + 3*strlen (atext) + 3*strlen (custom_prompt? custom_prompt:"") + + (cacheid? (3*strlen (cacheid)): 0) + 3*strlen (tryagain_text) + 1); strcpy (line, "GET_PASSPHRASE "); p = line+15; - if (!mode && have_fpr) + if (!mode && cacheid) + { + p = percent_plus_escape (p, cacheid); + } + else if (!mode && have_fpr) { for (i=0; i < 20; i++, p +=2 ) sprintf (p, "%02X", fpr[i]); @@ -629,10 +637,11 @@ /* - * Clear the cached passphrase + * Clear the cached passphrase. If CACHEID is not NULL, it will be + * used instead of a cache ID derived from KEYID. */ void -passphrase_clear_cache ( u32 *keyid, int algo ) +passphrase_clear_cache ( u32 *keyid, const char *cacheid, int algo ) { #ifdef ENABLE_AGENT_SUPPORT assuan_context_t ctx = NULL; 
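Review bot: The updated header comment for `agent_get_passphrase` says CACHEID "will be used as the cacheID for the gpg-agent", but the new branch in the `GET_PASSPHRASE` builder is `if (!mode && cacheid)`, so the argument is ignored whenever MODE is non-zero. The comment should state this, e.g. `If MODE is 0 and CACHEID is not NULL, it is used as the cache ID; ...`, and the "if is NULL" wording needs its missing subject. The function body starts and ends outside these hunks.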
@@ -646,17 +655,22 @@ if (!opt.use_agent) return; - pk = xcalloc (1, sizeof *pk); - memset (fpr, 0, MAX_FINGERPRINT_LEN ); - if( !keyid || get_pubkey( pk, keyid ) ) + if (!cacheid) { - goto failure; /* oops: no key for some reason */ - } + pk = xcalloc (1, sizeof *pk); + memset (fpr, 0, MAX_FINGERPRINT_LEN ); + if( !keyid || get_pubkey( pk, keyid ) ) + { + goto failure; /* oops: no key for some reason */ + } - { - size_t dummy; - fingerprint_from_pk( pk, fpr, &dummy ); - } + { + size_t dummy; + fingerprint_from_pk( pk, fpr, &dummy ); + } + } + else + pk = NULL; if ( !(ctx = agent_open ()) ) goto failure; @@ -665,11 +679,21 @@ char *line, *p; int i, rc; - line = xmalloc (17 + 40 + 2); - strcpy (line, "CLEAR_PASSPHRASE "); - p = line+17; - for (i=0; i < 20; i++, p +=2 ) - sprintf (p, "%02X", fpr[i]); + if (cacheid) + { + line = xmalloc (17 + 3*strlen (cacheid) + 2); + strcpy (line, "CLEAR_PASSPHRASE "); + p = line+17; + p = percent_plus_escape (p, cacheid); + } + else + { + line = xmalloc (17 + 40 + 2); + strcpy (line, "CLEAR_PASSPHRASE "); + p = line+17; + for (i=0; i < 20; i++, p +=2 ) + sprintf (p, "%02X", fpr[i]); + } *p = 0; rc = assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); @@ -696,7 +720,8 @@ ask_passphrase (const char *description, const char *tryagain_text, const char *promptid, - const char *prompt, int *canceled) + const char *prompt, + const char *cacheid, int *canceled) { char *pw = NULL; @@ -709,7 +734,7 @@ agent_died: if ( opt.use_agent ) { - pw = agent_get_passphrase (NULL, 0, + pw = agent_get_passphrase (NULL, 0, cacheid, tryagain_text, description, prompt, canceled ); if (!pw) @@ -853,7 +878,7 @@ } else if ( opt.use_agent ) { /* Divert to the gpg-agent. */ - pw = agent_get_passphrase ( keyid, mode == 2? 1: 0, + pw = agent_get_passphrase ( keyid, mode == 2? 1: 0, NULL, tryagain_text, NULL, NULL, canceled ); if (!pw) { 
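Review bot: With a CACHEID supplied, `pk` is now set to NULL before the function reaches `agent_open ()`, and a failure there jumps to `failure:`, whose cleanup code is outside this hunk. If that label releases `pk` unconditionally, it needs an `if (pk)` guard, because every card-PIN clear now takes this path. Please confirm this against the part of the function not shown here. In the following hunk, `strcpy (line, "CLEAR_PASSPHRASE "); p = line+17;` is duplicated in both branches and could be hoisted by computing the allocation size first.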
@@ -862,7 +887,7 @@ pw = m_strdup (""); } if( *pw && mode == 2 ) { - char *pw2 = agent_get_passphrase ( keyid, 2, NULL, NULL, + char *pw2 = agent_get_passphrase ( keyid, 2, NULL, NULL, NULL, NULL, canceled ); if (!pw2) { Index: gnupg/g10/seckey-cert.c diff -u gnupg/g10/seckey-cert.c:1.75 gnupg/g10/seckey-cert.c:1.76 --- gnupg/g10/seckey-cert.c:1.75 Mon Dec 20 11:05:20 2004 +++ gnupg/g10/seckey-cert.c Wed May 4 00:27:07 2005 @@ -203,7 +203,7 @@ /* now let's see whether we have used the right passphrase */ if( csum != sk->csum ) { copy_secret_key( sk, save_sk ); - passphrase_clear_cache ( keyid, sk->pubkey_algo ); + passphrase_clear_cache ( keyid, NULL, sk->pubkey_algo ); free_secret_key( save_sk ); return G10ERR_BAD_PASS; } @@ -211,7 +211,7 @@ res = pubkey_check_secret_key( sk->pubkey_algo, sk->skey ); if( res ) { copy_secret_key( sk, save_sk ); - passphrase_clear_cache ( keyid, sk->pubkey_algo ); + passphrase_clear_cache ( keyid, NULL, sk->pubkey_algo ); free_secret_key( save_sk ); return G10ERR_BAD_PASS; } Index: gnupg/g10/sign.c diff -u gnupg/g10/sign.c:1.136 gnupg/g10/sign.c:1.137 --- gnupg/g10/sign.c:1.136 Sun Apr 17 06:10:03 2005 +++ gnupg/g10/sign.c Wed May 4 00:27:07 2005 @@ -808,6 +808,8 @@ } mfx.md = md_open(0, 0); + if (DBG_HASHING) + md_start_debug (mfx.md, "sign"); /* If we're encrypting and signing, it is reasonable to pick the hash algorithm to use out of the recepient key prefs. */ @@ -1217,6 +1219,8 @@ if (opt.textmode) iobuf_push_filter (inp, text_filter, &tfx); mfx.md = md_open(0, 0); + if ( DBG_HASHING ) + md_start_debug (mfx.md, "symc-sign"); for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) { PKT_secret_key *sk = sk_rover->sk; From cvs at cvs.gnupg.org Wed May 4 04:27:52 2005 
From: cvs at cvs.gnupg.org (cvs user dshaw) Date: Wed May 4 04:27:55 2005 Subject: gnupg/keyserver (ChangeLog gpgkeys_http.c) Message-ID: Date: Wednesday, May 4, 2005 @ 04:46:02 Author: dshaw Path: /cvs/gnupg/gnupg/keyserver Modified: ChangeLog gpgkeys_http.c * gpgkeys_http.c: Need GET defined. ----------------+ ChangeLog | 4 ++++ gpgkeys_http.c | 2 ++ 2 files changed, 6 insertions(+) Index: gnupg/keyserver/ChangeLog diff -u gnupg/keyserver/ChangeLog:1.126 gnupg/keyserver/ChangeLog:1.127 --- gnupg/keyserver/ChangeLog:1.126 Mon May 2 02:46:39 2005 +++ gnupg/keyserver/ChangeLog Wed May 4 04:46:02 2005 @@ -1,3 +1,7 @@ +2005-05-03 David Shaw + + * gpgkeys_http.c: Need GET defined. + 2005-05-01 David Shaw * gpgkeys_hkp.c, gpgkeys_oldhkp.c, ksutil.h: Some minor cleanup Index: gnupg/keyserver/gpgkeys_http.c diff -u gnupg/keyserver/gpgkeys_http.c:1.14 gnupg/keyserver/gpgkeys_http.c:1.15 --- gnupg/keyserver/gpgkeys_http.c:1.14 Wed Mar 23 00:41:08 2005 +++ gnupg/keyserver/gpgkeys_http.c Wed May 4 04:46:02 2005 @@ -33,6 +33,8 @@ #include "keyserver.h" #include "ksutil.h" +#define GET 0 + extern char *optarg; extern int optind; From cvs at cvs.gnupg.org Wed May 4 15:16:10 2005 From: cvs at cvs.gnupg.org (cvs user dshaw) Date: Wed May 4 15:16:14 2005 Subject: gnupg/keyserver (ChangeLog ksutil.c ksutil.h) Message-ID: Date: Wednesday, May 4, 2005 @ 15:34:25 Author: dshaw Path: /cvs/gnupg/gnupg/keyserver Modified: ChangeLog ksutil.c ksutil.h * ksutil.h, ksutil.c: #ifdef so we can build without libcurl or fake-curl. -----------+ ChangeLog | 5 +++++ ksutil.c | 9 +++++++-- ksutil.h | 9 +++++++-- 3 files changed, 19 insertions(+), 4 deletions(-) Index: gnupg/keyserver/ChangeLog diff -u gnupg/keyserver/ChangeLog:1.127 gnupg/keyserver/ChangeLog:1.128 --- gnupg/keyserver/ChangeLog:1.127 Wed May 4 04:46:02 2005 +++ gnupg/keyserver/ChangeLog Wed May 4 15:34:25 2005 
@@ -1,3 +1,8 @@ +2005-05-04 David Shaw + + * ksutil.h, ksutil.c: #ifdef so we can build without libcurl or + fake-curl. + 2005-05-03 David Shaw * gpgkeys_http.c: Need GET defined. Index: gnupg/keyserver/ksutil.c diff -u gnupg/keyserver/ksutil.c:1.8 gnupg/keyserver/ksutil.c:1.9 --- gnupg/keyserver/ksutil.c:1.8 Sun Apr 17 03:52:04 2005 +++ gnupg/keyserver/ksutil.c Wed May 4 15:34:25 2005 @@ -24,10 +24,13 @@ #include #include #include + +#ifdef HAVE_LIBCURL +#include +#else #ifdef FAKE_CURL #include "curl-shim.h" -#else -#include +#endif #endif #include "keyserver.h" #include "ksutil.h" @@ -318,6 +321,7 @@ } } +#if defined (HAVE_LIBCURL) || defined (FAKE_CURL) int curl_err_to_gpg_err(CURLcode error) { @@ -383,3 +387,4 @@ return size*nmemb; } +#endif Index: gnupg/keyserver/ksutil.h diff -u gnupg/keyserver/ksutil.h:1.11 gnupg/keyserver/ksutil.h:1.12 --- gnupg/keyserver/ksutil.h:1.11 Mon May 2 02:46:39 2005 +++ gnupg/keyserver/ksutil.h Wed May 4 15:34:25 2005 @@ -21,10 +21,12 @@ #ifndef _KSUTIL_H_ #define _KSUTIL_H_ +#ifdef HAVE_LIBCURL +#include +#else #ifdef FAKE_CURL #include "curl-shim.h" -#else -#include +#endif #endif /* MAX_LINE must be at least 1 larger than the largest item we expect @@ -98,6 +100,8 @@ int parse_ks_options(char *line,struct ks_options *opt); const char *ks_action_to_string(enum ks_action action); void print_nocr(FILE *stream,const char *str); + +#if defined (HAVE_LIBCURL) || defined (FAKE_CURL) int curl_err_to_gpg_err(CURLcode error); struct curl_writer_ctx @@ -108,5 +112,6 @@ }; size_t curl_writer(const void *ptr,size_t size,size_t nmemb,void *cw_ctx); +#endif #endif /* !_KSUTIL_H_ */ From cvs at cvs.gnupg.org Thu May 5 13:41:50 2005 
From: cvs at cvs.gnupg.org (cvs user marcus) Date: Thu May 5 13:41:53 2005 Subject: gpgme/gpgme (ChangeLog data-user.c) Message-ID: Date: Thursday, May 5, 2005 @ 14:00:11 Author: marcus Path: /cvs/gpgme/gpgme/gpgme Modified: ChangeLog data-user.c 2005-05-05 Marcus Brinkmann * data-user.c (user_release): Only call user hook if provided. (user_seek): Return EBADF if no user hook is provided. (user_read): Likewise. (user_write): Likewise. -------------+ ChangeLog | 7 +++++++ data-user.c | 12 +++++++++++- 2 files changed, 18 insertions(+), 1 deletion(-) Index: gpgme/gpgme/ChangeLog diff -u gpgme/gpgme/ChangeLog:1.398 gpgme/gpgme/ChangeLog:1.399 --- gpgme/gpgme/ChangeLog:1.398 Thu Apr 28 18:11:33 2005 +++ gpgme/gpgme/ChangeLog Thu May 5 14:00:11 2005 @@ -1,3 +1,10 @@ +2005-05-05 Marcus Brinkmann + + * data-user.c (user_release): Only call user hook if provided. + (user_seek): Return EBADF if no user hook is provided. + (user_read): Likewise. + (user_write): Likewise. + 2005-04-28 Marcus Brinkmann * gpgme.h (GPGME_INCLUDE_CERTS_DEFAULT): New macro. Index: gpgme/gpgme/data-user.c diff -u gpgme/gpgme/data-user.c:1.5 gpgme/gpgme/data-user.c:1.6 --- gpgme/gpgme/data-user.c:1.5 Tue Dec 7 22:13:36 2004 +++ gpgme/gpgme/data-user.c Thu May 5 14:00:11 2005 @@ -30,6 +30,9 @@ static ssize_t user_read (gpgme_data_t dh, void *buffer, size_t size) { + if (!dh->data.user.cbs->read) + return EBADF; + return (*dh->data.user.cbs->read) (dh->data.user.handle, buffer, size); } @@ -37,6 +40,9 @@ static ssize_t user_write (gpgme_data_t dh, const void *buffer, size_t size) { + if (!dh->data.user.cbs->write) + return EBADF; + return (*dh->data.user.cbs->write) (dh->data.user.handle, buffer, size); } @@ -44,6 +50,9 @@ static off_t user_seek (gpgme_data_t dh, off_t offset, int whence) { + if (!dh->data.user.cbs->seek) + return EBADF; + return (*dh->data.user.cbs->seek) (dh->data.user.handle, offset, whence); } 
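Review bot: `return EBADF;` in `user_read` hands the caller a positive value from a function returning `ssize_t`, so a missing read hook is reported as that many bytes successfully read instead of as an error. A caller would then treat untouched buffer contents as data. The guard should set errno and return the error sentinel: `if (!dh->data.user.cbs->read) { errno = EBADF; return -1; }`. The same applies to `user_write` and to `user_seek` (which returns `off_t`, so the positive value looks like a valid new offset) in the next two hunks.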
@@ -51,7 +60,8 @@ static void user_release (gpgme_data_t dh) { - (*dh->data.user.cbs->release) (dh->data.user.handle); + if (dh->data.user.cbs->release) + (*dh->data.user.cbs->release) (dh->data.user.handle); } From cvs at cvs.gnupg.org Thu May 5 14:21:13 2005 From: cvs at cvs.gnupg.org (cvs user dshaw) Date: Thu May 5 14:21:15 2005 Subject: gnupg/doc (ChangeLog gpg.sgml) Message-ID: Date: Thursday, May 5, 2005 @ 14:39:36 Author: dshaw Path: /cvs/gnupg/gnupg/doc Modified: ChangeLog gpg.sgml * gpg.sgml: Clarify --min-cert-level a bit. -----------+ ChangeLog | 4 ++++ gpg.sgml | 10 +++++----- 2 files changed, 9 insertions(+), 5 deletions(-) Index: gnupg/doc/ChangeLog diff -u gnupg/doc/ChangeLog:1.99 gnupg/doc/ChangeLog:1.100 --- gnupg/doc/ChangeLog:1.99 Mon Mar 14 20:19:21 2005 +++ gnupg/doc/ChangeLog Thu May 5 14:39:36 2005 @@ -1,3 +1,7 @@ +2005-05-05 David Shaw + + * gpg.sgml: Clarify --min-cert-level a bit. + 2005-03-14 Werner Koch * gnupg-w32.reg: Removed. Index: gnupg/doc/gpg.sgml diff -u gnupg/doc/gpg.sgml:1.81 gnupg/doc/gpg.sgml:1.82 --- gnupg/doc/gpg.sgml:1.81 Fri Mar 11 12:02:12 2005 +++ gnupg/doc/gpg.sgml Thu May 5 14:39:36 2005 @@ -1112,10 +1112,10 @@ --min-cert-level -When building the trust database, disregard any signatures with a -certification level below this. Defaults to 2, which disregards level -1 signatures. Note that level 0 "no particular claim" signatures are -always accepted. +When building the trust database, treat any signatures with a +certification level below this as invalid. Defaults to 2, which +disregards level 1 signatures. Note that level 0 "no particular +claim" signatures are always accepted. 
@@ -1771,7 +1771,7 @@ to get multiple comment strings. --no-comments removes all comments. It is a good idea to keep the length of a single comment below 60 characters to avoid problems with mail programs wrapping such lines. -Note, that those comment lines, like all other header lines, are not +Note that comment lines, like all other header lines, are not protected by the signature. From cvs at cvs.gnupg.org Thu May 5 16:31:30 2005 From: cvs at cvs.gnupg.org (cvs user mo) Date: Thu May 5 16:31:34 2005 Subject: GNUPG-1-9-BRANCH gnupg/agent (ChangeLog command-ssh.c) Message-ID: Date: Thursday, May 5, 2005 @ 16:49:54 Author: mo Path: /cvs/gnupg/gnupg/agent Tag: GNUPG-1-9-BRANCH Modified: ChangeLog command-ssh.c 2005-05-05 Moritz Schulte * command-ssh.c (ssh_key_to_buffer): Rename to ... (ssh_key_to_protected_buffer): ... this; change callers. Improved documentation. ---------------+ ChangeLog | 6 ++ command-ssh.c | 123 ++++++++++++++++++++++++++++++++++++++------------------ 2 files changed, 91 insertions(+), 38 deletions(-) Index: gnupg/agent/ChangeLog diff -u gnupg/agent/ChangeLog:1.59.2.75 gnupg/agent/ChangeLog:1.59.2.76 --- gnupg/agent/ChangeLog:1.59.2.75 Wed Apr 20 21:19:24 2005 +++ gnupg/agent/ChangeLog Thu May 5 16:49:53 2005 @@ -1,3 +1,9 @@ +2005-05-05 Moritz Schulte + + * command-ssh.c (ssh_key_to_buffer): Rename to ... + (ssh_key_to_protected_buffer): ... this; change callers. + Improved documentation. + 2005-04-20 Moritz Schulte * command-ssh.c (ssh_handler_request_identities): Removed Index: gnupg/agent/command-ssh.c diff -u gnupg/agent/command-ssh.c:1.1.4.18 gnupg/agent/command-ssh.c:1.1.4.19 --- gnupg/agent/command-ssh.c:1.1.4.18 Wed Apr 20 16:47:19 2005 +++ gnupg/agent/command-ssh.c Thu May 5 16:49:54 2005 
@@ -148,10 +148,14 @@ is required by gpg-agent's key access layer. */ const char *elems_sexp_order; - /* Key modifier function. */ + /* Key modifier function. Key modifier functions are necessary in + order to fix any inconsistencies between the representation of + keys on the SSH and on the GnuPG side. */ ssh_key_modifier_t key_modifier; - /* Signature encoder function. */ + /* Signature encoder function. Signature encoder functions are + necessary since the encoding of signatures depends on the used + algorithm. */ ssh_signature_encoder_t signature_encoder; /* Misc flags. */ @@ -196,11 +200,11 @@ /* Associating request types with the corresponding request handlers. */ +static ssh_request_spec_t request_specs[] = + { #define REQUEST_SPEC_DEFINE(id, name, secret_input) \ { SSH_REQUEST_##id, ssh_handler_##name, #name, secret_input } -static ssh_request_spec_t request_specs[] = - { REQUEST_SPEC_DEFINE (REQUEST_IDENTITIES, request_identities, 1), REQUEST_SPEC_DEFINE (SIGN_REQUEST, sign_request, 0), REQUEST_SPEC_DEFINE (ADD_IDENTITY, add_identity, 1), @@ -209,8 +213,8 @@ REQUEST_SPEC_DEFINE (REMOVE_ALL_IDENTITIES, remove_all_identities, 0), REQUEST_SPEC_DEFINE (LOCK, lock, 0), REQUEST_SPEC_DEFINE (UNLOCK, unlock, 0) - }; #undef REQUEST_SPEC_DEFINE + }; /* Table holding key type specifications. */ @@ -816,7 +820,10 @@ } } - +/* Receive key material MPIs from STREAM according to KEY_SPEC; + depending on SECRET expect a public key or secret key. The newly + allocated list of MPIs is stored in MPI_LIST. Returns usual error + code. */ static gpg_error_t ssh_receive_mpint_list (estream_t stream, int secret, ssh_key_type_spec_t key_spec, gcry_mpi_t **mpi_list) @@ -982,7 +989,9 @@ */ -/* */ +/* This function constructs a new S-Expression for the key identified + by the KEY_SPEC, SECRET, MPIS and COMMENT, which is to be stored in + *SEXP. Returns usual error code. */ static gpg_error_t sexp_key_construct (gcry_sexp_t *sexp, ssh_key_type_spec_t key_spec, int secret, 
@@ -1072,7 +1081,12 @@ return err; } - +/* This functions breaks up the key contained in the S-Expression SEXP + according to KEY_SPEC. The MPIs are bundled in a newly create + list, which is to be stored in MPIS; a newly allocated string + holding the comment will be stored in COMMENT; SECRET will be + filled with a boolean flag specifying what kind of key it is. + Returns usual error code. */ static gpg_error_t sexp_key_extract (gcry_sexp_t sexp, ssh_key_type_spec_t key_spec, int *secret, @@ -1710,7 +1724,9 @@ /* - Request handler. + Request handler. Each handler is provided with a CTRL context, a + REQUEST object and a RESPONSE object. The actual request is to be + read from REQUEST, the response needs to be written to RESPONSE. */ @@ -1925,7 +1941,30 @@ return ret_err; } -/* */ +/* This function calculates the key grip for the key contained in the + S-Expression KEY and writes it to BUFFER, which must be large + enough to hold it. Returns usual error code. */ +static gpg_error_t +ssh_key_grip (gcry_sexp_t key, char *buffer) +{ + gpg_error_t err; + char *p; + + /* FIXME: unsigned vs. signed. */ + + p = gcry_pk_get_keygrip (key, buffer); + if (! p) + err = gpg_error (GPG_ERR_INTERNAL); /* FIXME? */ + else + err = 0; + + return err; +} + +/* This function hashes the data contained in DATA of size DATA_N + according to the message digest algorithm specified by MD_ALGORITHM + and writes the message digest to HASH, which needs to large enough + for the digest. */ static gpg_error_t data_hash (unsigned char *data, size_t data_n, int md_algorithm, unsigned char *hash) @@ -1935,7 +1974,9 @@ return 0; } - +/* This function signs the data contained in CTRL, stores the created + signature in newly allocated memory in SIG and it's size in SIG_N; + SIG_ENCODER is the signature encoder to use. */ static gpg_error_t data_sign (ctrl_t ctrl, ssh_signature_encoder_t sig_encoder, unsigned char **sig, size_t *sig_n) 
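Review bot: The new comment on `ssh_key_grip` says BUFFER "must be large enough to hold it" but does not give the size, and the function takes no length parameter, so the bound rests entirely on callers. `gcry_pk_get_keygrip` writes a 20-byte grip, so the comment should say so: `/* ... writes the 20-byte key grip to BUFFER, which must provide at least 20 bytes. */`. The FIXME about signedness is about the same interface: libgcrypt's parameter is `unsigned char *`, so declaring BUFFER as `unsigned char *` would remove the mismatch rather than leave it noted.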
@@ -2094,6 +2135,7 @@ return err; } +/* Handler for the "sign_request" command. */ static gpg_error_t ssh_handler_sign_request (ctrl_t ctrl, estream_t request, estream_t response) { @@ -2198,7 +2240,9 @@ return ret_err; } - +/* This function extracts the comment contained in the key + S-Expression KEY and stores a copy in COMMENT. Returns usual error + code. */ static gpg_error_t ssh_key_extract_comment (gcry_sexp_t key, char **comment) { @@ -2239,26 +2283,12 @@ return err; } +/* This function converts the key contained in the S-Expression KEY + into a buffer, which is protected by the passphrase PASSPHRASE. + Returns usual error code. */ static gpg_error_t -ssh_key_grip (gcry_sexp_t key, char *buffer) -{ - gpg_error_t err; - char *p; - - /* FIXME: unsigned vs. signed. */ - - p = gcry_pk_get_keygrip (key, buffer); - if (! p) - err = gpg_error (GPG_ERR_INTERNAL); /* FIXME? */ - else - err = 0; - - return err; -} - -static gpg_error_t -ssh_key_to_buffer (gcry_sexp_t key, const char *passphrase, - unsigned char **buffer, size_t *buffer_n) +ssh_key_to_protected_buffer (gcry_sexp_t key, const char *passphrase, + unsigned char **buffer, size_t *buffer_n) { unsigned char *buffer_new; unsigned int buffer_new_n; @@ -2287,7 +2317,7 @@ -/* Store the ssh KEY into our local key storage and protect him after +/* Store the ssh KEY into our local key storage and protect it after asking for a passphrase. Cache that passphrase. TTL is the maximum caching time for that key. If the key already exists in our key storage, don't do anything. When entering a new key also @@ -2345,7 +2375,7 @@ if (err) goto out; - err = ssh_key_to_buffer (key, pi->pin, &buffer, &buffer_n); + err = ssh_key_to_protected_buffer (key, pi->pin, &buffer, &buffer_n); if (err) goto out; 
@@ -2378,7 +2408,9 @@ } - +/* This function removes the key contained in the S-Expression KEY + from the local key storage, in case it exists there. Returns usual + error code. FIXME: this function is a stub. */ static gpg_error_t ssh_identity_drop (gcry_sexp_t key) { @@ -2399,6 +2431,7 @@ return err; } +/* Handler for the "add_identity" command. */ static gpg_error_t ssh_handler_add_identity (ctrl_t ctrl, estream_t request, estream_t response) { @@ -2469,9 +2502,10 @@ return ret_err; } +/* Handler for the "remove_identity" command. */ static gpg_error_t -ssh_handler_remove_identity (ctrl_t ctrl, estream_t request, - estream_t response) +ssh_handler_remove_identity (ctrl_t ctrl, + estream_t request, estream_t response) { unsigned char *key_blob; u32 key_blob_size; @@ -2507,6 +2541,7 @@ return ret_err; } +/* FIXME: stub function. Actually useful? */ static gpg_error_t ssh_identities_remove_all (void) { @@ -2520,9 +2555,10 @@ return err; } +/* Handler for the "remove_all_identities" command. */ static gpg_error_t -ssh_handler_remove_all_identities (ctrl_t ctrl, estream_t request, - estream_t response) +ssh_handler_remove_all_identities (ctrl_t ctrl, + estream_t request, estream_t response) { gpg_error_t ret_err; gpg_error_t err; @@ -2537,6 +2573,7 @@ return ret_err; } +/* Lock agent? FIXME: stub function. */ static gpg_error_t ssh_lock (void) { @@ -2549,6 +2586,7 @@ return err; } +/* Unock agent? FIXME: stub function. */ static gpg_error_t ssh_unlock (void) { @@ -2560,6 +2598,7 @@ return err; } +/* Handler for the "lock" command. */ static gpg_error_t ssh_handler_lock (ctrl_t ctrl, estream_t request, estream_t response) { @@ -2576,6 +2615,7 @@ return ret_err; } +/* Handler for the "unlock" command. */ static gpg_error_t ssh_handler_unlock (ctrl_t ctrl, estream_t request, estream_t response) { 
@@ -2594,6 +2634,9 @@ +/* Return the request specification for the request identified by TYPE + or NULL in case the requested request specification could not be + found. */ static ssh_request_spec_t * request_spec_lookup (int type) { @@ -2614,6 +2657,9 @@ return spec; } +/* Process a single request. The request is read from and the + response is written to STREAM_SOCK. Uses CTRL as context. Returns + zero in case of success, non zero in case of failure. */ static int ssh_request_process (ctrl_t ctrl, estream_t stream_sock) { @@ -2772,6 +2818,7 @@ return !!err; } +/* Start serving client on SOCK_CLIENT. */ void start_command_handler_ssh (int sock_client) { From cvs at cvs.gnupg.org Thu May 5 16:39:36 2005 From: cvs at cvs.gnupg.org (cvs user mo) Date: Thu May 5 16:39:38 2005 Subject: GNUPG-1-9-BRANCH gnupg/agent (ChangeLog command-ssh.c) Message-ID: Date: Thursday, May 5, 2005 @ 16:57:59 Author: mo Path: /cvs/gnupg/gnupg/agent Tag: GNUPG-1-9-BRANCH Modified: ChangeLog command-ssh.c 2005-05-05 Moritz Schulte * command-ssh.c: Use ssh_key_grip(), where gcry_pk_get_keygrip() has been used before. (ssh_handler_sign_request): Removed unusued variable P. ---------------+ ChangeLog | 3 ++ command-ssh.c | 60 +++++++++++++++++++++++++++----------------------------- 2 files changed, 32 insertions(+), 31 deletions(-) Index: gnupg/agent/ChangeLog diff -u gnupg/agent/ChangeLog:1.59.2.76 gnupg/agent/ChangeLog:1.59.2.77 --- gnupg/agent/ChangeLog:1.59.2.76 Thu May 5 16:49:53 2005 +++ gnupg/agent/ChangeLog Thu May 5 16:57:59 2005 
@@ -3,6 +3,9 @@ * command-ssh.c (ssh_key_to_buffer): Rename to ... (ssh_key_to_protected_buffer): ... this; change callers. Improved documentation. + Use ssh_key_grip(), where gcry_pk_get_keygrip() has been used + before. + (ssh_handler_sign_request): Removed unusued variable P. 2005-04-20 Moritz Schulte Index: gnupg/agent/command-ssh.c diff -u gnupg/agent/command-ssh.c:1.1.4.19 gnupg/agent/command-ssh.c:1.1.4.20 --- gnupg/agent/command-ssh.c:1.1.4.19 Thu May 5 16:49:54 2005 +++ gnupg/agent/command-ssh.c Thu May 5 16:57:59 2005 @@ -1531,6 +1531,26 @@ +/* This function calculates the key grip for the key contained in the + S-Expression KEY and writes it to BUFFER, which must be large + enough to hold it. Returns usual error code. */ +static gpg_error_t +ssh_key_grip (gcry_sexp_t key, char *buffer) +{ + gpg_error_t err; + char *p; + + /* FIXME: unsigned vs. signed. */ + + p = gcry_pk_get_keygrip (key, buffer); + if (! p) + err = gpg_error (GPG_ERR_INTERNAL); /* FIXME? */ + else + err = 0; + + return err; +} + /* Converts the secret key KEY_SECRET into a public key, storing it in KEY_PUBLIC. SPEC is the according key specification. Returns zero on success or an error code. */ @@ -1643,14 +1663,16 @@ xfree (serialno); return err; } - - if ( !gcry_pk_get_keygrip (s_pk, grip) ) + + err = ssh_key_grip (s_pk, grip); + if (err) { - log_debug ("error computing keygrip from received card key\n"); + log_debug ("error computing keygrip from received card key: %s\n", + gcry_strerror (err)); xfree (pkbuf); gcry_sexp_release (s_pk); xfree (serialno); - return gpg_error (GPG_ERR_INTERNAL); + return err; } if ( agent_key_available (grip) ) 
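Review bot: ssh_key_grip takes BUFFER without a length, and the comment only says it "must be large enough to hold it", which leaves every caller to guess the size. gcry_pk_get_keygrip writes a 20-byte grip, so the comment should name that figure: `BUFFER, which must provide room for at least 20 bytes`. The `/* FIXME: unsigned vs. signed. */` could be resolved by declaring the parameter `unsigned char *buffer`, as gcry_pk_get_keygrip does, provided the callers' arrays (not visible in this hunk) are unsigned as well. The local `p` is then unnecessary: `return gcry_pk_get_keygrip (key, buffer) ? 0 : gpg_error (GPG_ERR_INTERNAL);`.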
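Review bot: In the card-key hunk the failure of ssh_key_grip is logged with `log_debug` and formatted with `gcry_strerror (err)`, although `err` is a `gpg_error_t` here. `gpg_strerror (err)` is the libgpg-error call for that type and keeps the message independent of libgcrypt. Since the function returns the error to its caller, `log_error` would also be the more fitting level, so that the failure is visible without debug output. The enclosing function starts and ends outside the hunk.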
@@ -1941,26 +1963,6 @@ return ret_err; } -/* This function calculates the key grip for the key contained in the - S-Expression KEY and writes it to BUFFER, which must be large - enough to hold it. Returns usual error code. */ -static gpg_error_t -ssh_key_grip (gcry_sexp_t key, char *buffer) -{ - gpg_error_t err; - char *p; - - /* FIXME: unsigned vs. signed. */ - - p = gcry_pk_get_keygrip (key, buffer); - if (! p) - err = gpg_error (GPG_ERR_INTERNAL); /* FIXME? */ - else - err = 0; - - return err; -} - /* This function hashes the data contained in DATA of size DATA_N according to the message digest algorithm specified by MD_ALGORITHM and writes the message digest to HASH, which needs to large enough @@ -2151,7 +2153,6 @@ size_t sig_n; u32 data_size; u32 flags; - void *p; gpg_error_t err; gpg_error_t ret_err; @@ -2192,12 +2193,9 @@ goto out; /* Calculate key grip. */ - p = gcry_pk_get_keygrip (key, key_grip); - if (! p) - { - err = gpg_error (GPG_ERR_INTERNAL); /* FIXME? */ - goto out; - } + err = ssh_key_grip (key, key_grip); + if (err) + goto out; /* Sign data. */ From cvs at cvs.gnupg.org Thu May 5 21:03:17 2005 
From: cvs at cvs.gnupg.org (cvs user dshaw) Date: Thu May 5 21:03:20 2005 Subject: gnupg/g10 (ChangeLog g10.c keyedit.c keygen.c main.h options.h sign.c) Message-ID: Date: Thursday, May 5, 2005 @ 21:21:41 Author: dshaw Path: /cvs/gnupg/gnupg/g10 Modified: ChangeLog g10.c keyedit.c keygen.c main.h options.h sign.c * options.h, g10.c (main): Add new --default-sig-expire and --default-cert-expire options. Suggested by Florian Weimer. * main.h, keygen.c (parse_expire_string, ask_expire_interval): Use defaults passed in, or "0" to control what default expiration is. * keyedit.c (sign_uids), sign.c (sign_file, clearsign_file, sign_symencrypt_file): Call them here, so that default expiration is used when --ask-xxxxx-expire is off. -----------+ ChangeLog | 12 ++++++++++ g10.c | 42 ++++++++++++++++++++++++++++------- keyedit.c | 9 +++++-- keygen.c | 72 ++++++++++++++++++++++++++++++++++++++---------------------- main.h | 7 +++-- options.h | 2 + sign.c | 31 +++++++++++++++++++------ 7 files changed, 128 insertions(+), 47 deletions(-) Index: gnupg/g10/ChangeLog diff -u gnupg/g10/ChangeLog:1.727 gnupg/g10/ChangeLog:1.728 --- gnupg/g10/ChangeLog:1.727 Wed May 4 00:27:07 2005 +++ gnupg/g10/ChangeLog Thu May 5 21:21:40 2005 @@ -1,3 +1,15 @@ +2005-05-05 David Shaw + + * options.h, g10.c (main): Add new --default-sig-expire and + --default-cert-expire options. Suggested by Florian Weimer. + + * main.h, keygen.c (parse_expire_string, ask_expire_interval): Use + defaults passed in, or "0" to control what default expiration is. + + * keyedit.c (sign_uids), sign.c (sign_file, clearsign_file, + sign_symencrypt_file): Call them here, so that default expiration + is used when --ask-xxxxx-expire is off. + 2005-05-03 Werner Koch * passphrase.c (agent_get_passphrase): Add new arg CACHEID. Index: gnupg/g10/g10.c diff -u gnupg/g10/g10.c:1.301 gnupg/g10/g10.c:1.302 --- gnupg/g10/g10.c:1.301 Mon Apr 11 20:24:09 2005 +++ gnupg/g10/g10.c Thu May 5 21:21:40 2005 
@@ -1,6 +1,6 @@ /* g10.c - The GnuPG utility (main for gpg) - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 - * 2004, 2005 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, + * 2005 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -157,18 +157,20 @@ oNoTextmode, oExpert, oNoExpert, + oDefSigExpire, oAskSigExpire, oNoAskSigExpire, + oDefCertExpire, oAskCertExpire, oNoAskCertExpire, + oDefCertLevel, + oMinCertLevel, oAskCertLevel, oNoAskCertLevel, oFingerprint, oWithFingerprint, oAnswerYes, oAnswerNo, - oDefCertLevel, - oMinCertLevel, oKeyring, oPrimaryKeyring, oSecretKeyring, @@ -443,10 +445,14 @@ { oNoTextmode, "no-textmode", 0, "@"}, { oExpert, "expert", 0, "@"}, { oNoExpert, "no-expert", 0, "@"}, + { oDefSigExpire, "default-sig-expire", 2, "@"}, { oAskSigExpire, "ask-sig-expire", 0, "@"}, { oNoAskSigExpire, "no-ask-sig-expire", 0, "@"}, + { oDefCertExpire, "default-cert-expire", 2, "@"}, { oAskCertExpire, "ask-cert-expire", 0, "@"}, { oNoAskCertExpire, "no-ask-cert-expire", 0, "@"}, + { oDefCertLevel, "default-cert-level", 1, "@"}, + { oMinCertLevel, "min-cert-level", 1, "@"}, { oAskCertLevel, "ask-cert-level", 0, "@"}, { oNoAskCertLevel, "no-ask-cert-level", 0, "@"}, { oOutput, "output", 2, N_("use as output file")}, @@ -579,8 +585,6 @@ { oCompressKeys, "compress-keys",0, "@"}, { oCompressSigs, "compress-sigs",0, "@"}, { oDefCertLevel, "default-cert-check-level", 1, "@"}, /* Old option */ - { oDefCertLevel, "default-cert-level", 1, "@"}, - { oMinCertLevel, "min-cert-level", 1, "@"}, { oAlwaysTrust, "always-trust", 0, "@"}, { oTrustModel, "trust-model", 2, "@"}, { oForceOwnertrust, "force-ownertrust", 2, "@"}, @@ -1673,6 +1677,8 @@ set_screen_dimensions(); opt.keyid_format=KF_SHORT; opt.rfc2440_text=1; + opt.def_sig_expire="0"; + opt.def_cert_expire="0"; set_homedir ( default_homedir () ); #ifdef ENABLE_CARD_SUPPORT 
@@ -2020,8 +2026,6 @@ break; case oNoArmor: opt.no_armor=1; opt.armor=0; break; case oNoDefKeyring: default_keyring = 0; break; - case oDefCertLevel: opt.def_cert_level=pargs.r.ret_int; break; - case oMinCertLevel: opt.min_cert_level=pargs.r.ret_int; break; case oNoGreeting: nogreeting = 1; break; case oNoVerbose: g10_opt_verbose = 0; opt.verbose = 0; opt.list_sigs=0; break; @@ -2227,10 +2231,32 @@ case oNoTextmode: opt.textmode=0; break; case oExpert: opt.expert = 1; break; case oNoExpert: opt.expert = 0; break; + case oDefSigExpire: + if(*pargs.r.ret_str!='\0') + { + if(parse_expire_string(pargs.r.ret_str)==-1) + log_error(_("`%s' is not a valid signature expiration\n"), + pargs.r.ret_str); + else + opt.def_sig_expire=pargs.r.ret_str; + } + break; case oAskSigExpire: opt.ask_sig_expire = 1; break; case oNoAskSigExpire: opt.ask_sig_expire = 0; break; + case oDefCertExpire: + if(*pargs.r.ret_str!='\0') + { + if(parse_expire_string(pargs.r.ret_str)==-1) + log_error(_("`%s' is not a valid signature expiration\n"), + pargs.r.ret_str); + else + opt.def_cert_expire=pargs.r.ret_str; + } + break; case oAskCertExpire: opt.ask_cert_expire = 1; break; case oNoAskCertExpire: opt.ask_cert_expire = 0; break; + case oDefCertLevel: opt.def_cert_level=pargs.r.ret_int; break; + case oMinCertLevel: opt.min_cert_level=pargs.r.ret_int; break; case oAskCertLevel: opt.ask_cert_level = 1; break; case oNoAskCertLevel: opt.ask_cert_level = 0; break; case oUser: /* store the local users */ Index: gnupg/g10/keyedit.c diff -u gnupg/g10/keyedit.c:1.178 gnupg/g10/keyedit.c:1.179 --- gnupg/g10/keyedit.c:1.178 Sun Apr 24 20:35:30 2005 +++ gnupg/g10/keyedit.c Thu May 5 21:21:40 2005 
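Review bot: The `case oDefCertExpire:` branch reuses the message from `oDefSigExpire` unchanged, so a bad `--default-cert-expire` value is reported as "not a valid signature expiration". The user is then pointed at the wrong option; the string in the second branch should say "certification expiration" instead. Both branches also store `pargs.r.ret_str` itself in `opt`, which is fine only while the argument parser keeps that string alive for the whole run; a short comment saying so would help the next reader. The enclosing switch continues outside the hunk.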
@@ -860,8 +860,13 @@ /* Only ask for duration if we haven't already set it to match the expiration of the pk */ - if(opt.ask_cert_expire && !duration && !selfsig) - duration=ask_expire_interval(1); + if(!duration && !selfsig) + { + if(opt.ask_cert_expire) + duration=ask_expire_interval(1,opt.def_cert_expire); + else + duration=parse_expire_string(opt.def_cert_expire)*86400L; + } if(duration) force_v4=1; Index: gnupg/g10/keygen.c diff -u gnupg/g10/keygen.c:1.148 gnupg/g10/keygen.c:1.149 --- gnupg/g10/keygen.c:1.148 Fri Apr 1 11:03:15 2005 +++ gnupg/g10/keygen.c Thu May 5 21:21:40 2005 @@ -1,6 +1,6 @@ /* keygen.c - generate a key pair - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, - * 2004, 2005 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, + * 2005 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -1498,7 +1498,7 @@ * Parse an expire string and return it's value in days. * Returns -1 on error. */ -static int +int parse_expire_string( const char *string ) { int mult; @@ -1530,7 +1530,7 @@ /* object == 0 for a key, and 1 for a sig */ u32 -ask_expire_interval(int object) +ask_expire_interval(int object,const char *def_expire) { char *answer; int valid_days=0; @@ -1539,6 +1539,8 @@ switch(object) { case 0: + if(def_expire) + BUG(); tty_printf(_("Please specify how long the key should be valid.\n" " 0 = key does not expire\n" " = key expires in n days\n" @@ -1548,6 +1550,8 @@ break; case 1: + if(!def_expire) + BUG(); tty_printf(_("Please specify how long the signature should be valid.\n" " 0 = signature does not expire\n" " = signature expires in n days\n" 
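Review bot: `parse_expire_string(opt.def_cert_expire)*86400L` in the keyedit.c hunk multiplies an unbounded day count, and nothing in this commit limits the value accepted by `--default-cert-expire`. A constructed value such as 60000 days already exceeds 32 bits after the multiplication; depending on the width of `long` that is signed overflow or a silent truncation when stored in `duration` (its declaration is outside the hunk), and the certification then gets a different lifetime than the one requested. The range is best checked once where the option is parsed, e.g. reject the string when the day count is above `0xFFFFFFFFUL/86400`. The same expression is added in the three sign.c hunks of this commit (sign_file, clearsign_file, sign_symencrypt_file).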
@@ -1565,20 +1569,36 @@ * date */ answer = NULL; - for(;;) { + for(;;) + { u32 curtime=make_timestamp(); m_free(answer); if(object==0) answer = cpr_get("keygen.valid",_("Key is valid for? (0) ")); else - answer = cpr_get("siggen.valid",_("Signature is valid for? (0) ")); + { + char *prompt; + +#define PROMPTSTRING _("Signature is valid for? (%s) ") + /* This will actually end up larger than necessary because + of the 2 bytes for '%s' */ + prompt=m_alloc(strlen(PROMPTSTRING)+strlen(def_expire)+1); + sprintf(prompt,PROMPTSTRING,def_expire); +#undef PROMPTSTRING + + answer = cpr_get("siggen.valid",prompt); + m_free(prompt); + + if(*answer=='\0') + answer=m_strdup(def_expire); + } cpr_kill_prompt(); trim_spaces(answer); valid_days = parse_expire_string( answer ); if( valid_days < 0 ) { - tty_printf(_("invalid value\n")); - continue; + tty_printf(_("invalid value\n")); + continue; } if( !valid_days ) 
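Review bot: In the new signature branch, `answer=m_strdup(def_expire);` overwrites the buffer returned by `cpr_get` without releasing it, so every empty reply leaks that allocation; adding `m_free(answer);` before the assignment fixes it. The prompt buffer is sized from the translated `PROMPTSTRING` plus `def_expire`, which is enough only while the translation contains exactly one `%s` and no other conversion. Because `sprintf` does not know the buffer size, I would keep the size in a local and pass it on, `snprintf(prompt,n,PROMPTSTRING,def_expire);`, if the project's portability rules allow snprintf here. The loop and the function body extend beyond this hunk.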
@@ -1589,24 +1609,24 @@ interval = 0; } else { - interval = valid_days * 86400L; + interval = valid_days * 86400L; - tty_printf(object==0 - ? _("Key expires at %s\n") - : _("Signature expires at %s\n"), - asctimestamp((ulong)(curtime + interval) ) ); - /* FIXME: This check yields warning on alhas: Write a - configure check and to this check here only for 32 bit - machines */ - if( (time_t)((ulong)(curtime+interval)) < 0 ) - tty_printf(_("Your system can't display dates beyond 2038.\n" - "However, it will be correctly handled up to 2106.\n")); + tty_printf(object==0 + ? _("Key expires at %s\n") + : _("Signature expires at %s\n"), + asctimestamp((ulong)(curtime + interval) ) ); + /* FIXME: This check yields warning on alhas: Write a + configure check and to this check here only for 32 bit + machines */ + if( (time_t)((ulong)(curtime+interval)) < 0 ) + tty_printf(_("Your system can't display dates beyond 2038.\n" + "However, it will be correctly handled up to 2106.\n")); } if( cpr_enabled() || cpr_get_answer_is_yes("keygen.valid.okay", - _("Is this correct? (y/N) ")) ) - break; - } + _("Is this correct? (y/N) ")) ) + break; + } m_free(answer); return interval; } @@ -1614,7 +1634,7 @@ u32 ask_expiredate() { - u32 x = ask_expire_interval(0); + u32 x = ask_expire_interval(0,NULL); return x? make_timestamp() + x : 0; } @@ -2572,7 +2592,7 @@ para = r; } - expire = ask_expire_interval(0); + expire = ask_expire_interval(0,NULL); r = m_alloc_clear( sizeof *r + 20 ); r->key = pKEYEXPIRE; r->u.expire = expire; @@ -3085,7 +3105,7 @@ algo = ask_algo( 1, &use ); assert(algo); nbits = ask_keysize( algo ); - expire = ask_expire_interval(0); + expire = ask_expire_interval(0,NULL); if( !cpr_enabled() && !cpr_get_answer_is_yes("keygen.sub.okay", _("Really create? (y/N) "))) goto leave; 
@@ -3203,7 +3223,7 @@ goto leave; algo = PUBKEY_ALGO_RSA; - expire = ask_expire_interval (0); + expire = ask_expire_interval (0,NULL); if (keyno == 1) use = PUBKEY_USAGE_SIG; else if (keyno == 2) Index: gnupg/g10/main.h diff -u gnupg/g10/main.h:1.126 gnupg/g10/main.h:1.127 --- gnupg/g10/main.h:1.126 Mon Apr 11 20:24:09 2005 +++ gnupg/g10/main.h Thu May 5 21:21:40 2005 @@ -1,6 +1,6 @@ /* main.h - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, - * 2004 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, + * 2005 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -165,7 +165,8 @@ void show_basic_key_info (KBNODE keyblock); /*-- keygen.c --*/ -u32 ask_expire_interval(int object); +int parse_expire_string(const char *string); +u32 ask_expire_interval(int object,const char *def_expire); u32 ask_expiredate(void); void generate_keypair( const char *fname, const char *card_serialno, const char *backup_encryption_dir ); Index: gnupg/g10/options.h diff -u gnupg/g10/options.h:1.135 gnupg/g10/options.h:1.136 --- gnupg/g10/options.h:1.135 Wed Mar 30 12:39:13 2005 +++ gnupg/g10/options.h Thu May 5 21:21:40 2005 @@ -50,7 +50,9 @@ int list_only; int textmode; int expert; + const char *def_sig_expire; int ask_sig_expire; + const char *def_cert_expire; int ask_cert_expire; int batch; /* run in batch mode */ int answer_yes; /* answer yes on most questions */ Index: gnupg/g10/sign.c diff -u gnupg/g10/sign.c:1.137 gnupg/g10/sign.c:1.138 --- gnupg/g10/sign.c:1.137 Wed May 4 00:27:07 2005 +++ gnupg/g10/sign.c Thu May 5 21:21:40 2005 @@ -1,6 +1,6 @@ /* sign.c - sign data - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, - * 2004 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, + * 2005 Free Software Foundation, Inc. * * This file is part of GnuPG. * 
@@ -744,8 +744,13 @@ && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) goto leave; - if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !RFC1991) - duration=ask_expire_interval(1); + if(!opt.force_v3_sigs && !opt.batch && !RFC1991) + { + if(opt.ask_sig_expire) + duration=ask_expire_interval(1,opt.def_sig_expire); + else + duration=parse_expire_string(opt.def_sig_expire)*86400L; + } if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) ) goto leave; @@ -1009,8 +1014,13 @@ memset( &afx, 0, sizeof afx); init_packet( &pkt ); - if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !RFC1991) - duration=ask_expire_interval(1); + if(!opt.force_v3_sigs && !opt.batch && !RFC1991) + { + if(opt.ask_sig_expire) + duration=ask_expire_interval(1,opt.def_sig_expire); + else + duration=parse_expire_string(opt.def_sig_expire)*86400L; + } if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) ) goto leave; @@ -1163,8 +1173,13 @@ memset( &cfx, 0, sizeof cfx); init_packet( &pkt ); - if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !RFC1991) - duration=ask_expire_interval(1); + if(!opt.force_v3_sigs && !opt.batch && !RFC1991) + { + if(opt.ask_sig_expire) + duration=ask_expire_interval(1,opt.def_sig_expire); + else + duration=parse_expire_string(opt.def_sig_expire)*86400L; + } rc = build_sk_list (locusr, &sk_list, 1, PUBKEY_USAGE_SIG); if (rc) From cvs at cvs.gnupg.org Thu May 5 23:00:23 2005 
From: cvs at cvs.gnupg.org (cvs user dshaw) Date: Thu May 5 23:00:28 2005 Subject: gnupg/g10 (ChangeLog keygen.c) Message-ID: Date: Thursday, May 5, 2005 @ 23:18:47 Author: dshaw Path: /cvs/gnupg/gnupg/g10 Modified: ChangeLog keygen.c * keygen.c (keygen_set_std_prefs): Add SHA256 and BZip2 to default preferences. -----------+ ChangeLog | 3 +++ keygen.c | 22 +++++++++++++++++++--- 2 files changed, 22 insertions(+), 3 deletions(-) Index: gnupg/g10/ChangeLog diff -u gnupg/g10/ChangeLog:1.728 gnupg/g10/ChangeLog:1.729 --- gnupg/g10/ChangeLog:1.728 Thu May 5 21:21:40 2005 +++ gnupg/g10/ChangeLog Thu May 5 23:18:47 2005 @@ -1,5 +1,8 @@ 2005-05-05 David Shaw + * keygen.c (keygen_set_std_prefs): Add SHA256 and BZip2 to default + preferences. + * options.h, g10.c (main): Add new --default-sig-expire and --default-cert-expire options. Suggested by Florian Weimer. Index: gnupg/g10/keygen.c diff -u gnupg/g10/keygen.c:1.149 gnupg/g10/keygen.c:1.150 --- gnupg/g10/keygen.c:1.149 Thu May 5 21:21:40 2005 +++ gnupg/g10/keygen.c Thu May 5 23:18:47 2005 @@ -348,7 +348,8 @@ */ /* Make sure we do not add more than 15 items here, as we - could overflow the size of dummy_string. */ + could overflow the size of dummy_string. We currently + have at most 12. */ if(!check_cipher_algo(CIPHER_ALGO_AES256)) strcat(dummy_string,"S9 "); if(!check_cipher_algo(CIPHER_ALGO_AES192)) @@ -368,8 +369,23 @@ if(!check_cipher_algo(CIPHER_ALGO_IDEA)) strcat(dummy_string,"S1 "); - /* SHA-1, RIPEMD160, ZLIB, ZIP */ - strcat(dummy_string,"H2 H3 Z2 Z1"); + /* SHA-1 */ + strcat(dummy_string,"H2 "); + + if(!check_digest_algo(DIGEST_ALGO_SHA256)) + strcat(dummy_string,"H8 "); + + /* RIPEMD160 */ + strcat(dummy_string,"H3 "); + + /* ZLIB */ + strcat(dummy_string,"Z2 "); + + if(!check_compress_algo(COMPRESS_ALGO_BZIP2)) + strcat(dummy_string,"Z3 "); + + /* ZIP */ + strcat(dummy_string,"Z1"); string=dummy_string; } From cvs at cvs.gnupg.org Thu May 5 23:50:13 2005 
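Review bot: The only guard on the `strcat` calls into `dummy_string` is the comment, which this hunk updates by hand to "at most 12" while adding up to three more entries (H8, Z3 and the split-out H3/Z2/Z1). The declaration of `dummy_string` is outside the hunk, so its size cannot be checked from here. If it is a fixed array, I would tie the limit to code rather than prose, for example by sizing the array from a named item count and adding `assert(strlen(dummy_string)<sizeof(dummy_string));` after the last `strcat`, so a future addition that breaks the bound is caught in testing. The surrounding function starts and ends outside the hunk.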
From: cvs at cvs.gnupg.org (cvs user dshaw) Date: Thu May 5 23:50:17 2005 Subject: gnupg/g10 (ChangeLog encode.c keygen.c options.h) Message-ID: Date: Friday, May 6, 2005 @ 00:08:37 Author: dshaw Path: /cvs/gnupg/gnupg/g10 Modified: ChangeLog encode.c keygen.c options.h * keygen.c (start_tree): New function to "prime" a KBNODE list. (do_generate_keypair): Use it here rather than creating and deleting a comment packet. * keygen.c (gen_elg, gen_dsa): Do not put public factors in secret key as a comment. * options.h, encode.c (encode_simple, encode_crypt), keygen.c (do_create): Remove disabled comment packet code. -----------+ ChangeLog | 10 ++++++++++ encode.c | 22 ++++------------------ keygen.c | 46 ++++++++++++++++++++-------------------------- options.h | 2 -- 4 files changed, 34 insertions(+), 46 deletions(-) Index: gnupg/g10/ChangeLog diff -u gnupg/g10/ChangeLog:1.729 gnupg/g10/ChangeLog:1.730 --- gnupg/g10/ChangeLog:1.729 Thu May 5 23:18:47 2005 +++ gnupg/g10/ChangeLog Fri May 6 00:08:37 2005 @@ -1,5 +1,15 @@ 2005-05-05 David Shaw + * keygen.c (start_tree): New function to "prime" a KBNODE list. + (do_generate_keypair): Use it here rather than creating and + deleting a comment packet. + + * keygen.c (gen_elg, gen_dsa): Do not put public factors in secret + key as a comment. + + * options.h, encode.c (encode_simple, encode_crypt), keygen.c + (do_create): Remove disabled comment packet code. + * keygen.c (keygen_set_std_prefs): Add SHA256 and BZip2 to default preferences. Index: gnupg/g10/encode.c diff -u gnupg/g10/encode.c:1.93 gnupg/g10/encode.c:1.94 --- gnupg/g10/encode.c:1.93 Thu Nov 4 23:28:39 2004 +++ gnupg/g10/encode.c Fri May 6 00:08:37 2005 @@ -1,6 +1,6 @@ /* encode.c - encode data - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, - * 2004 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, + * 2005 Free Software Foundation, Inc. * * This file is part of GnuPG. * 
@@ -248,14 +248,7 @@ if( opt.armor ) iobuf_push_filter( out, armor_filter, &afx ); -#ifdef ENABLE_COMMENT_PACKETS - else { - write_comment( out, "#created by GNUPG v" VERSION " (" - PRINTABLE_OS_NAME ")"); - if( opt.comment_string ) - write_comment( out, opt.comment_string ); - } -#endif + if( s2k && !RFC1991 ) { PKT_symkey_enc *enc = m_alloc_clear( sizeof *enc + seskeylen + 1 ); enc->version = 4; @@ -504,14 +497,7 @@ if( opt.armor ) iobuf_push_filter( out, armor_filter, &afx ); -#ifdef ENABLE_COMMENT_PACKETS - else { - write_comment( out, "#created by GNUPG v" VERSION " (" - PRINTABLE_OS_NAME ")"); - if( opt.comment_string ) - write_comment( out, opt.comment_string ); - } -#endif + /* create a session key */ cfx.dek = m_alloc_secure_clear (sizeof *cfx.dek); if( !opt.def_cipher_algo ) { /* try to get it from the prefs */ Index: gnupg/g10/keygen.c diff -u gnupg/g10/keygen.c:1.150 gnupg/g10/keygen.c:1.151 --- gnupg/g10/keygen.c:1.150 Thu May 5 23:18:47 2005 +++ gnupg/g10/keygen.c Fri May 6 00:08:37 2005 @@ -990,7 +990,6 @@ STRING2KEY *s2k, PKT_secret_key **ret_sk, u32 expireval, int is_subkey) { int rc; - int i; PACKET *pkt; PKT_secret_key *sk; PKT_public_key *pk; @@ -1060,9 +1059,6 @@ pkt->pkttype = is_subkey ? PKT_SECRET_SUBKEY : PKT_SECRET_KEY; pkt->pkt.secret_key = sk; add_kbnode(sec_root, new_kbnode( pkt )); - for(i=0; factors[i]; i++ ) - add_kbnode( sec_root, - make_mpi_comment_node("#:ELG_factor:", factors[i] )); return 0; } @@ -1076,7 +1072,6 @@ STRING2KEY *s2k, PKT_secret_key **ret_sk, u32 expireval, int is_subkey) { int rc; - int i; PACKET *pkt; PKT_secret_key *sk; PKT_public_key *pk; @@ -1150,9 +1145,6 @@ pkt->pkttype = is_subkey ? PKT_SECRET_SUBKEY : PKT_SECRET_KEY; pkt->pkt.secret_key = sk; add_kbnode(sec_root, new_kbnode( pkt )); - for(i=1; factors[i]; i++ ) /* the first one is q */ - add_kbnode( sec_root, - make_mpi_comment_node("#:DSA_factor:", factors[i] )); return 0; } 
@@ -1916,16 +1908,6 @@ else BUG(); -#ifdef ENABLE_COMMENT_PACKETS - if( !rc ) { - add_kbnode( pub_root, - make_comment_node("#created by GNUPG v" VERSION " (" - PRINTABLE_OS_NAME ")")); - add_kbnode( sec_root, - make_comment_node("#created by GNUPG v" VERSION " (" - PRINTABLE_OS_NAME ")")); - } -#endif return rc; } @@ -2732,6 +2714,17 @@ } #endif /* ENABLE_CARD_SUPPORT */ +/* Create and delete a dummy packet to start off a list of kbnodes. */ +static void +start_tree(KBNODE *tree) +{ + PACKET *pkt; + + pkt=m_alloc_clear(sizeof(*pkt)); + pkt->pkttype=PKT_NONE; + *tree=new_kbnode(pkt); + delete_kbnode(*tree); +} static void do_generate_keypair( struct para_data_s *para, @@ -2745,11 +2738,11 @@ int rc; int did_sub = 0; - if( outctrl->dryrun ) { + if( outctrl->dryrun ) + { log_info("dry-run mode - key generation skipped\n"); return; - } - + } if( outctrl->use_files ) { if( outctrl->pub.newfname ) { @@ -2821,13 +2814,14 @@ } - /* we create the packets as a tree of kbnodes. Because the structure - * we create is known in advance we simply generate a linked list - * The first packet is a dummy comment packet which we flag + /* we create the packets as a tree of kbnodes. Because the + * structure we create is known in advance we simply generate a + * linked list. The first packet is a dummy packet which we flag * as deleted. The very first packet must always be a KEY packet. */ - pub_root = make_comment_node("#"); delete_kbnode(pub_root); - sec_root = make_comment_node("#"); delete_kbnode(sec_root); + + start_tree(&pub_root); + start_tree(&sec_root); if (!card) { Index: gnupg/g10/options.h diff -u gnupg/g10/options.h:1.136 gnupg/g10/options.h:1.137 --- gnupg/g10/options.h:1.136 Thu May 5 21:21:40 2005 +++ gnupg/g10/options.h Fri May 6 00:08:37 2005 
@@ -26,8 +26,6 @@ #include "main.h" #include "packet.h" -#undef ENABLE_COMMENT_PACKETS /* don't create comment packets */ - #ifndef EXTERN_UNLESS_MAIN_MODULE /* Norcraft can't cope with common symbols */ #if defined (__riscos__) && !defined (INCLUDED_BY_MAIN_MODULE) From cvs at cvs.gnupg.org Fri May 6 00:03:13 2005 From: cvs at cvs.gnupg.org (cvs user dshaw) Date: Fri May 6 00:03:16 2005 Subject: gnupg (include/ChangeLog include/util.h util/ChangeLog util/miscutil.c) Message-ID: Date: Friday, May 6, 2005 @ 00:21:34 Author: dshaw Path: /cvs/gnupg/gnupg Modified: include/ChangeLog include/util.h util/ChangeLog util/miscutil.c Remove add_days_to_timestamp (unused) -------------------+ include/ChangeLog | 4 ++++ include/util.h | 1 - util/ChangeLog | 4 ++++ util/miscutil.c | 7 ------- 4 files changed, 8 insertions(+), 8 deletions(-) Index: gnupg/include/ChangeLog diff -u gnupg/include/ChangeLog:1.85 gnupg/include/ChangeLog:1.86 --- gnupg/include/ChangeLog:1.85 Sat Apr 23 01:52:58 2005 +++ gnupg/include/ChangeLog Fri May 6 00:21:33 2005 @@ -1,3 +1,7 @@ +2005-05-05 David Shaw + + * util.h: Remove add_days_to_timestamp as unused. + 2005-04-22 David Shaw * distfiles: Add assuan.h. Index: gnupg/include/util.h diff -u gnupg/include/util.h:1.79 gnupg/include/util.h:1.80 --- gnupg/include/util.h:1.79 Mon Mar 14 21:41:20 2005 +++ gnupg/include/util.h Fri May 6 00:21:33 2005 @@ -149,7 +149,6 @@ /*-- miscutil.c --*/ u32 make_timestamp(void); u32 scan_isodatestr( const char *string ); -u32 add_days_to_timestamp( u32 stamp, u16 days ); const char *strtimevalue( u32 stamp ); const char *strtimestamp( u32 stamp ); /* GMT */ const char *isotimestamp( u32 stamp ); /* GMT with hh:mm:ss */ Index: gnupg/util/ChangeLog diff -u gnupg/util/ChangeLog:1.186 gnupg/util/ChangeLog:1.187 --- gnupg/util/ChangeLog:1.186 Tue Apr 12 18:08:51 2005 +++ gnupg/util/ChangeLog Fri May 6 00:21:34 2005 
@@ -1,3 +1,7 @@ +2005-05-05 David Shaw + + * miscutil.c (add_days_to_timestamp): Remove as unused. + 2005-04-12 David Shaw * assuan-client.c: Fix warning on OSX. Index: gnupg/util/miscutil.c diff -u gnupg/util/miscutil.c:1.35 gnupg/util/miscutil.c:1.36 --- gnupg/util/miscutil.c:1.35 Mon Mar 14 21:41:20 2005 +++ gnupg/util/miscutil.c Fri May 6 00:21:34 2005 @@ -81,13 +81,6 @@ } -u32 -add_days_to_timestamp( u32 stamp, u16 days ) -{ - return stamp + days*86400L; -} - - /**************** * Return a string with a time value in the form: x Y, n D, n H */ From cvs at cvs.gnupg.org Fri May 6 00:14:28 2005 From: cvs at cvs.gnupg.org (cvs user dshaw) Date: Fri May 6 00:14:30 2005 Subject: gnupg/g10 (ChangeLog Makefile.am comment.c main.h packet.h) Message-ID: Date: Friday, May 6, 2005 @ 00:32:52 Author: dshaw Path: /cvs/gnupg/gnupg/g10 Modified: ChangeLog Makefile.am main.h packet.h Removed: comment.c * Makefile.am, packet.h, main.h, comment.c: Remove comment.c. We don't use any of these functions any longer. -------------+ ChangeLog | 3 + Makefile.am | 1 comment.c | 103 ---------------------------------------------------------- main.h | 4 -- packet.h | 3 - 5 files changed, 3 insertions(+), 111 deletions(-) Index: gnupg/g10/ChangeLog diff -u gnupg/g10/ChangeLog:1.730 gnupg/g10/ChangeLog:1.731 --- gnupg/g10/ChangeLog:1.730 Fri May 6 00:08:37 2005 +++ gnupg/g10/ChangeLog Fri May 6 00:32:52 2005 @@ -1,5 +1,8 @@ 2005-05-05 David Shaw + * Makefile.am, packet.h, main.h, comment.c: Remove comment.c. We + don't use any of these functions any longer. + * keygen.c (start_tree): New function to "prime" a KBNODE list. (do_generate_keypair): Use it here rather than creating and deleting a comment packet. Index: gnupg/g10/Makefile.am diff -u gnupg/g10/Makefile.am:1.90 gnupg/g10/Makefile.am:1.91 --- gnupg/g10/Makefile.am:1.90 Fri Mar 18 00:14:47 2005 +++ gnupg/g10/Makefile.am Fri May 6 00:32:52 2005 
@@ -62,7 +62,6 @@ keyid.c \ packet.h \ parse-packet.c \ - comment.c \ status.c \ status.h \ plaintext.c \ Index: gnupg/g10/comment.c diff -u gnupg/g10/comment.c:1.12 gnupg/g10/comment.c:removed --- gnupg/g10/comment.c:1.12 Sat Jun 29 15:46:33 2002 +++ gnupg/g10/comment.c Fri May 6 00:32:53 2005 
@@ -1,103 +0,0 @@ -/* comment.c - write comment stuff - * Copyright (C) 1998 Free Software Foundation, Inc. - * - * This file is part of GnuPG. - * - * GnuPG is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * GnuPG is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA - */ - -#include -#include -#include -#include -#include -#include - -#include "options.h" -#include "packet.h" -#include "errors.h" -#include "iobuf.h" -#include "memory.h" -#include "util.h" -#include "main.h" -#include "keydb.h" - - - -int -write_comment( IOBUF out, const char *s ) -{ - PACKET pkt; - size_t n = strlen(s); - int rc=0; - - pkt.pkttype = PKT_COMMENT; - if( *s != '#' ) { - pkt.pkt.comment = m_alloc( sizeof *pkt.pkt.comment + n ); - pkt.pkt.comment->len = n+1; - *pkt.pkt.comment->data = '#'; - strcpy(pkt.pkt.comment->data+1, s); - } - else { - pkt.pkt.comment = m_alloc( sizeof *pkt.pkt.comment + n - 1 ); - pkt.pkt.comment->len = n; - strcpy(pkt.pkt.comment->data, s); - } - if( (rc = build_packet( out, &pkt )) ) - log_error("build_packet(comment) failed: %s\n", g10_errstr(rc) ); - free_packet( &pkt ); - return rc; -} - - -KBNODE -make_comment_node( const char *s ) -{ - PACKET *pkt; - size_t n = strlen(s); - - pkt = m_alloc_clear( sizeof *pkt ); - pkt->pkttype = PKT_COMMENT; - pkt->pkt.comment = m_alloc( sizeof *pkt->pkt.comment + n - 1 ); - pkt->pkt.comment->len = n; - strcpy(pkt->pkt.comment->data, s); - 
return new_kbnode( pkt ); -} - - -KBNODE -make_mpi_comment_node( const char *s, MPI a ) -{ - PACKET *pkt; - byte *buf, *p, *pp; - unsigned n1, nb1; - size_t n = strlen(s); - - nb1 = mpi_get_nbits( a ); - p = buf = mpi_get_buffer( a, &n1, NULL ); - pkt = m_alloc_clear( sizeof *pkt ); - pkt->pkttype = PKT_COMMENT; - pkt->pkt.comment = m_alloc( sizeof *pkt->pkt.comment + n + 2 + n1 ); - pkt->pkt.comment->len = n+1+2+n1; - pp = pkt->pkt.comment->data; - memcpy(pp, s, n+1); - pp[n+1] = nb1 >> 8; - pp[n+2] = nb1 ; - memcpy(pp+n+3, p, n1 ); - m_free(buf); - return new_kbnode( pkt ); -} - - Index: gnupg/g10/main.h diff -u gnupg/g10/main.h:1.127 gnupg/g10/main.h:1.128 --- gnupg/g10/main.h:1.127 Thu May 5 21:21:40 2005 +++ gnupg/g10/main.h Fri May 6 00:32:52 2005 @@ -198,10 +198,6 @@ MPI encode_md_value( int pubkey_algo, MD_HANDLE md, int hash_algo, unsigned nbits ); -/*-- comment.c --*/ -KBNODE make_comment_node( const char *s ); -KBNODE make_mpi_comment_node( const char *s, MPI a ); - /*-- import.c --*/ int parse_import_options(char *str,unsigned int *options,int noisy); void import_keys( char **fnames, int nnames, Index: gnupg/g10/packet.h diff -u gnupg/g10/packet.h:1.93 gnupg/g10/packet.h:1.94 --- gnupg/g10/packet.h:1.93 Thu Dec 30 04:26:57 2004 +++ gnupg/g10/packet.h Fri May 6 00:32:52 2005 @@ -503,9 +503,6 @@ int ask_for_detached_datafile( MD_HANDLE md, MD_HANDLE md2, const char *inname, int textmode ); -/*-- comment.c --*/ -int write_comment( IOBUF out, const char *s ); - /*-- sign.c --*/ int make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk, PKT_user_id *uid, PKT_public_key *subpk, From cvs at cvs.gnupg.org Fri May 6 14:45:00 2005 
From: cvs at cvs.gnupg.org (cvs user dshaw) Date: Fri May 6 14:45:04 2005 Subject: gnupg/g10 (ChangeLog sign.c) Message-ID: Date: Friday, May 6, 2005 @ 15:03:22 Author: dshaw Path: /cvs/gnupg/gnupg/g10 Modified: ChangeLog sign.c * sign.c (sign_file, clearsign_file, sign_symencrypt_file): Use the default sig expire value when signing in batchmode. -----------+ ChangeLog | 5 +++++ sign.c | 12 ++++++------ 2 files changed, 11 insertions(+), 6 deletions(-) Index: gnupg/g10/ChangeLog diff -u gnupg/g10/ChangeLog:1.731 gnupg/g10/ChangeLog:1.732 --- gnupg/g10/ChangeLog:1.731 Fri May 6 00:32:52 2005 +++ gnupg/g10/ChangeLog Fri May 6 15:03:22 2005 @@ -1,3 +1,8 @@ +2005-05-06 David Shaw + + * sign.c (sign_file, clearsign_file, sign_symencrypt_file): Use + the default sig expire value when signing in batchmode. + 2005-05-05 David Shaw * Makefile.am, packet.h, main.h, comment.c: Remove comment.c. We Index: gnupg/g10/sign.c diff -u gnupg/g10/sign.c:1.138 gnupg/g10/sign.c:1.139 --- gnupg/g10/sign.c:1.138 Thu May 5 21:21:40 2005 +++ gnupg/g10/sign.c Fri May 6 15:03:22 2005 @@ -744,9 +744,9 @@ && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) goto leave; - if(!opt.force_v3_sigs && !opt.batch && !RFC1991) + if(!opt.force_v3_sigs && !RFC1991) { - if(opt.ask_sig_expire) + if(opt.ask_sig_expire && !opt.batch) duration=ask_expire_interval(1,opt.def_sig_expire); else duration=parse_expire_string(opt.def_sig_expire)*86400L; @@ -1014,9 +1014,9 @@ memset( &afx, 0, sizeof afx); init_packet( &pkt ); - if(!opt.force_v3_sigs && !opt.batch && !RFC1991) + if(!opt.force_v3_sigs && !RFC1991) { - if(opt.ask_sig_expire) + if(opt.ask_sig_expire && !opt.batch) duration=ask_expire_interval(1,opt.def_sig_expire); else duration=parse_expire_string(opt.def_sig_expire)*86400L; 
@@ -1173,9 +1173,9 @@ memset( &cfx, 0, sizeof cfx); init_packet( &pkt ); - if(!opt.force_v3_sigs && !opt.batch && !RFC1991) + if(!opt.force_v3_sigs && !RFC1991) { - if(opt.ask_sig_expire) + if(opt.ask_sig_expire && !opt.batch) duration=ask_expire_interval(1,opt.def_sig_expire); else duration=parse_expire_string(opt.def_sig_expire)*86400L; From cvs at cvs.gnupg.org Fri May 6 21:06:54 2005 From: cvs at cvs.gnupg.org (cvs user dshaw) Date: Fri May 6 21:06:56 2005 Subject: gnupg/g10 (ChangeLog g10.c keyedit.c keygen.c main.h sign.c) Message-ID: Date: Friday, May 6, 2005 @ 21:25:19 Author: dshaw Path: /cvs/gnupg/gnupg/g10 Modified: ChangeLog g10.c keyedit.c keygen.c main.h sign.c * main.h, keygen.c (parse_expire_string, ask_expire_interval), sign.c (sign_file, clearsign_file, sign_symencrypt_file), g10.c (main), keyedit.c (sign_uids): Use seconds rather than days internally to calculate expiration. We no longer need the day-based code as we don't generate v3 keys. -----------+ ChangeLog | 6 +++ g10.c | 4 +- keyedit.c | 2 - keygen.c | 107 +++++++++++++++++++++++++++++------------------------------- main.h | 2 - sign.c | 6 +-- 6 files changed, 65 insertions(+), 62 deletions(-) Index: gnupg/g10/ChangeLog diff -u gnupg/g10/ChangeLog:1.732 gnupg/g10/ChangeLog:1.733 --- gnupg/g10/ChangeLog:1.732 Fri May 6 15:03:22 2005 +++ gnupg/g10/ChangeLog Fri May 6 21:25:19 2005 
@@ -1,5 +1,11 @@ 2005-05-06 David Shaw + * main.h, keygen.c (parse_expire_string, ask_expire_interval), + sign.c (sign_file, clearsign_file, sign_symencrypt_file), g10.c + (main), keyedit.c (sign_uids): Use seconds rather than days + internally to calculate expiration. We no longer need the + day-based code as we don't generate v3 keys. + * sign.c (sign_file, clearsign_file, sign_symencrypt_file): Use the default sig expire value when signing in batchmode. Index: gnupg/g10/g10.c diff -u gnupg/g10/g10.c:1.302 gnupg/g10/g10.c:1.303 --- gnupg/g10/g10.c:1.302 Thu May 5 21:21:40 2005 +++ gnupg/g10/g10.c Fri May 6 21:25:19 2005 @@ -2234,7 +2234,7 @@ case oDefSigExpire: if(*pargs.r.ret_str!='\0') { - if(parse_expire_string(pargs.r.ret_str)==-1) + if(parse_expire_string(pargs.r.ret_str)==(u32)-1) log_error(_("`%s' is not a valid signature expiration\n"), pargs.r.ret_str); else @@ -2246,7 +2246,7 @@ case oDefCertExpire: if(*pargs.r.ret_str!='\0') { - if(parse_expire_string(pargs.r.ret_str)==-1) + if(parse_expire_string(pargs.r.ret_str)==(u32)-1) log_error(_("`%s' is not a valid signature expiration\n"), pargs.r.ret_str); else Index: gnupg/g10/keyedit.c diff -u gnupg/g10/keyedit.c:1.179 gnupg/g10/keyedit.c:1.180 --- gnupg/g10/keyedit.c:1.179 Thu May 5 21:21:40 2005 +++ gnupg/g10/keyedit.c Fri May 6 21:25:19 2005 @@ -865,7 +865,7 @@ if(opt.ask_cert_expire) duration=ask_expire_interval(1,opt.def_cert_expire); else - duration=parse_expire_string(opt.def_cert_expire)*86400L; + duration=parse_expire_string(opt.def_cert_expire); } if(duration) Index: gnupg/g10/keygen.c diff -u gnupg/g10/keygen.c:1.151 gnupg/g10/keygen.c:1.152 --- gnupg/g10/keygen.c:1.151 Fri May 6 00:08:37 2005 +++ gnupg/g10/keygen.c Fri May 6 21:25:19 2005 
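Review bot: In the keyedit.c hunk (sign_uids), `duration=parse_expire_string(opt.def_cert_expire);` stores the result without testing for the `(u32)-1` error value, so a parse failure would become a duration of roughly 136 years and pass the `if(duration)` test that follows. g10.c validates the option string when it is read, but a default given as an absolute date could pass that check and no longer be in the future when signing happens, so the failure looks reachable, though only in a narrow window. Add `if(duration==(u32)-1)` after the call and fail the operation there, rather than emitting a signature with an expiration the user did not ask for. The three sign.c hunks of this commit (sign_file, clearsign_file, sign_symencrypt_file) assign the return value the same way.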
@@ -1503,46 +1503,39 @@ /**************** - * Parse an expire string and return it's value in days. - * Returns -1 on error. + * Parse an expire string and return its value in seconds. + * Returns (u32)-1 on error. + * This isn't perfect since scan_isodatestr returns unix time, and + * OpenPGP actually allows a 32-bit time *plus* a 32-bit offset. + * Because of this, we only permit setting expirations up to 2106, but + * OpenPGP could theoretically allow up to 2242. I think we'll all + * just cope for the next few years until we get a 64-bit time_t or + * similar. */ -int +u32 parse_expire_string( const char *string ) { int mult; - u32 abs_date=0; - u32 curtime = make_timestamp(); - int valid_days; + u32 seconds,abs_date=0,curtime = make_timestamp(); if( !*string ) - valid_days = 0; - else if( (abs_date = scan_isodatestr(string)) && abs_date > curtime ) { - /* This calculation is not perfectly okay because we - * are later going to simply multiply by 86400 and don't - * correct for leapseconds. A solution would be to change - * the whole implemenation to work with dates and not intervals - * which are required for v3 keys. - */ - valid_days = abs_date/86400-curtime/86400+1; - } - else if( (mult=check_valid_days(string)) ) { - valid_days = atoi(string) * mult; - if( valid_days < 0 || valid_days > 39447 ) - valid_days = 0; - } - else { - valid_days = -1; - } - return valid_days; + seconds = 0; + else if( (abs_date = scan_isodatestr(string)) && abs_date > curtime ) + seconds = abs_date - curtime; + else if( (mult=check_valid_days(string)) ) + seconds = atoi(string) * 86400L * mult; + else + seconds=(u32)-1; + + return seconds; } /* object == 0 for a key, and 1 for a sig */ u32 ask_expire_interval(int object,const char *def_expire) { + u32 interval; char *answer; - int valid_days=0; - u32 interval = 0; switch(object) { 
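Review bot: The day-count branch of parse_expire_string, `seconds = atoi(string) * 86400L * mult;`, drops the range check the removed code had (`valid_days < 0 || valid_days > 39447`), so a large count can overflow the signed product where `long` is 32 bits, or wrap in u32 and even land on the `(u32)-1` error value. The new header comment says expirations are only permitted up to 2106, but nothing in this branch enforces that. Bound the day count before multiplying, for example `long days = atoi(string);` followed by `if(days < 0 || days > 39447/mult) seconds = (u32)-1; else seconds = (u32)days * 86400UL * mult;`. What check_valid_days already rejects is not visible here, so the negative case may be unreachable. The same unbounded value feeds `curtime + interval` in the ask_expire_interval hunk that follows.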
@@ -1603,38 +1596,38 @@ } cpr_kill_prompt(); trim_spaces(answer); - valid_days = parse_expire_string( answer ); - if( valid_days < 0 ) { - tty_printf(_("invalid value\n")); - continue; - } + interval = parse_expire_string( answer ); + if( interval == (u32)-1 ) + { + tty_printf(_("invalid value\n")); + continue; + } - if( !valid_days ) + if( !interval ) { tty_printf((object==0) ? _("Key does not expire at all\n") : _("Signature does not expire at all\n")); - interval = 0; } - else { - interval = valid_days * 86400L; - - tty_printf(object==0 - ? _("Key expires at %s\n") - : _("Signature expires at %s\n"), - asctimestamp((ulong)(curtime + interval) ) ); - /* FIXME: This check yields warning on alhas: Write a - configure check and to this check here only for 32 bit - machines */ - if( (time_t)((ulong)(curtime+interval)) < 0 ) - tty_printf(_("Your system can't display dates beyond 2038.\n" - "However, it will be correctly handled up to 2106.\n")); - } + else + { + tty_printf(object==0 + ? _("Key expires at %s\n") + : _("Signature expires at %s\n"), + asctimestamp((ulong)(curtime + interval) ) ); + /* FIXME: This check yields warning on alhas: Write a + configure check and to this check here only for 32 bit + machines */ + if( (time_t)((ulong)(curtime+interval)) < 0 ) + tty_printf(_("Your system can't display dates beyond 2038.\n" + "However, it will be correctly handled up to 2106.\n")); + } if( cpr_enabled() || cpr_get_answer_is_yes("keygen.valid.okay", _("Is this correct? (y/N) ")) ) break; } + m_free(answer); return interval; } 
@@ -2206,21 +2199,25 @@ /* make KEYEXPIRE from Expire-Date */ r = get_parameter( para, pEXPIREDATE ); - if( r && *r->u.value ) { - i = parse_expire_string( r->u.value ); - if( i < 0 ) { + if( r && *r->u.value ) + { + u32 seconds; + + seconds = parse_expire_string( r->u.value ); + if( seconds == (u32)-1 ) + { log_error("%s:%d: invalid expire date\n", fname, r->lnr ); return -1; - } - r->u.expire = i * 86400L; + } + r->u.expire = seconds; r->key = pKEYEXPIRE; /* change hat entry */ /* also set it for the subkey */ r = m_alloc_clear( sizeof *r + 20 ); r->key = pSUBKEYEXPIRE; - r->u.expire = i * 86400L; + r->u.expire = seconds; r->next = para; para = r; - } + } if( !!outctrl->pub.newfname ^ !!outctrl->sec.newfname ) { log_error("%s:%d: only one ring name is set\n", fname, outctrl->lnr ); Index: gnupg/g10/main.h diff -u gnupg/g10/main.h:1.128 gnupg/g10/main.h:1.129 --- gnupg/g10/main.h:1.128 Fri May 6 00:32:52 2005 +++ gnupg/g10/main.h Fri May 6 21:25:19 2005 @@ -165,7 +165,7 @@ void show_basic_key_info (KBNODE keyblock); /*-- keygen.c --*/ -int parse_expire_string(const char *string); +u32 parse_expire_string(const char *string); u32 ask_expire_interval(int object,const char *def_expire); u32 ask_expiredate(void); void generate_keypair( const char *fname, const char *card_serialno, Index: gnupg/g10/sign.c diff -u gnupg/g10/sign.c:1.139 gnupg/g10/sign.c:1.140 --- gnupg/g10/sign.c:1.139 Fri May 6 15:03:22 2005 +++ gnupg/g10/sign.c Fri May 6 21:25:19 2005 @@ -749,7 +749,7 @@ if(opt.ask_sig_expire && !opt.batch) duration=ask_expire_interval(1,opt.def_sig_expire); else - duration=parse_expire_string(opt.def_sig_expire)*86400L; + duration=parse_expire_string(opt.def_sig_expire); } if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) ) 
@@ -1019,7 +1019,7 @@ if(opt.ask_sig_expire && !opt.batch) duration=ask_expire_interval(1,opt.def_sig_expire); else - duration=parse_expire_string(opt.def_sig_expire)*86400L; + duration=parse_expire_string(opt.def_sig_expire); } if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) ) @@ -1178,7 +1178,7 @@ if(opt.ask_sig_expire && !opt.batch) duration=ask_expire_interval(1,opt.def_sig_expire); else - duration=parse_expire_string(opt.def_sig_expire)*86400L; + duration=parse_expire_string(opt.def_sig_expire); } rc = build_sk_list (locusr, &sk_list, 1, PUBKEY_USAGE_SIG); From cvs at cvs.gnupg.org Sat May 7 17:03:28 2005 From: cvs at cvs.gnupg.org (cvs user wk) Date: Sat May 7 17:03:32 2005 Subject: gnupg/g10 (ChangeLog ccid-driver.c) Message-ID: Date: Saturday, May 7, 2005 @ 17:22:01 Author: wk Path: /cvs/gnupg/gnupg/g10 Modified: ChangeLog ccid-driver.c (do_close_reader): Don't do a reset before close. Some folks reported that it makes the SCR335 hang less often. Look at the source on how to re-enable it. ---------------+ ChangeLog | 6 ++++++ ccid-driver.c | 5 +++-- 2 files changed, 9 insertions(+), 2 deletions(-) Index: gnupg/g10/ChangeLog diff -u gnupg/g10/ChangeLog:1.733 gnupg/g10/ChangeLog:1.734 --- gnupg/g10/ChangeLog:1.733 Fri May 6 21:25:19 2005 +++ gnupg/g10/ChangeLog Sat May 7 17:22:01 2005 @@ -1,3 +1,9 @@ +2005-05-07 Werner Koch + + * ccid-driver.c (do_close_reader): Don't do a reset before close. + Some folks reported that it makes the SCR335 hang less often. + Look at the source on how to re-enable it. + 2005-05-06 David Shaw * main.h, keygen.c (parse_expire_string, ask_expire_interval), Index: gnupg/g10/ccid-driver.c diff -u gnupg/g10/ccid-driver.c:1.23 gnupg/g10/ccid-driver.c:1.24 --- gnupg/g10/ccid-driver.c:1.23 Thu Apr 7 10:31:23 2005 +++ gnupg/g10/ccid-driver.c Sat May 7 17:22:01 2005 
@@ -52,7 +52,7 @@ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * - * $Date: 2005/04/07 08:31:23 $ + * $Date: 2005/05/07 15:22:01 $ */ @@ -986,7 +986,8 @@ } if (handle->idev) { - usb_reset (handle->idev); + if (getenv ("GNUPG_CCID_DRIVER_RESET_BEFORE_CLOSE")) + usb_reset (handle->idev); usb_release_interface (handle->idev, handle->ifc_no); usb_close (handle->idev); handle->idev = NULL; From cvs at cvs.gnupg.org Wed May 11 14:29:59 2005 From: cvs at cvs.gnupg.org (cvs user marcus) Date: Wed May 11 14:30:08 2005 Subject: gpgme/gpgme (ChangeLog w32-io.c) Message-ID: Date: Wednesday, May 11, 2005 @ 14:48:56 Author: marcus Path: /cvs/gpgme/gpgme/gpgme Modified: ChangeLog w32-io.c 2005-05-11 Marcus Brinkmann * w32-io.c (_gpgme_io_select): Fix loop increment. -----------+ ChangeLog | 4 ++++ w32-io.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) Index: gpgme/gpgme/ChangeLog diff -u gpgme/gpgme/ChangeLog:1.399 gpgme/gpgme/ChangeLog:1.400 --- gpgme/gpgme/ChangeLog:1.399 Thu May 5 14:00:11 2005 +++ gpgme/gpgme/ChangeLog Wed May 11 14:48:55 2005 @@ -1,3 +1,7 @@ +2005-05-11 Marcus Brinkmann + + * w32-io.c (_gpgme_io_select): Fix loop increment. + 2005-05-05 Marcus Brinkmann * data-user.c (user_release): Only call user hook if provided. Index: gpgme/gpgme/w32-io.c diff -u gpgme/gpgme/w32-io.c:1.32 gpgme/gpgme/w32-io.c:1.33 --- gpgme/gpgme/w32-io.c:1.32 Thu Mar 24 14:05:12 2005 +++ gpgme/gpgme/w32-io.c Wed May 11 14:48:55 2005 @@ -1085,7 +1085,7 @@ int k, j = handle_to_fd (waitbuf[i]); DEBUG1 ("WFMO invalid handle %d removed\n", j); - for (k=0 ; k < nfds; i++ ) { + for (k=0 ; k < nfds; k++ ) { if ( fds[k].fd == j ) { fds[k].for_read = fds[k].for_write = 0; goto restart; From cvs at cvs.gnupg.org Wed May 11 21:12:54 2005 
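Review bot: The new `getenv ("GNUPG_CCID_DRIVER_RESET_BEFORE_CLOSE")` test in do_close_reader carries no comment, although the ChangeLog entry sends readers to the source to learn how to re-enable the reset. Add a comment above it such as `/* Resetting before close made the SCR335 hang more often; set GNUPG_CCID_DRIVER_RESET_BEFORE_CLOSE in the environment to restore the reset. */`. Because this makes device handling depend on the caller's environment, the comment should also say so if the variable is meant only as a debugging aid. The function body starts and ends outside the hunk.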
From: cvs at cvs.gnupg.org (cvs user dshaw) Date: Wed May 11 21:12:59 2005 Subject: gnupg/g10 (ChangeLog keygen.c parse-packet.c) Message-ID: Date: Wednesday, May 11, 2005 @ 21:31:53 Author: dshaw Path: /cvs/gnupg/gnupg/g10 Modified: ChangeLog keygen.c parse-packet.c * keygen.c (write_selfsigs): Rename from write_selfsig. Write the same selfsig into both the pk and sk, so that someone importing their sk (which will get an autoconvert to the pk) won't end up with two selfsigs. (do_generate_keypair): Call it from here. * parse-packet.c (can_handle_critical_notation): New. Check for particular notation tags that we will accept when critical. Currently, that's only preferred-email-encoding@pgp.com, since we know how to handle it (pass it through to a mail program). (can_handle_critical): Call it from here. (parse_one_sig_subpkt): Sanity check that notations are well-formed in that the internal lengths add up to the size of the subpacket. ----------------+ ChangeLog | 17 +++++++++++++++++ keygen.c | 28 ++++++++++++++++------------ parse-packet.c | 26 +++++++++++++++++++------- 3 files changed, 52 insertions(+), 19 deletions(-) Index: gnupg/g10/ChangeLog diff -u gnupg/g10/ChangeLog:1.734 gnupg/g10/ChangeLog:1.735 --- gnupg/g10/ChangeLog:1.734 Sat May 7 17:22:01 2005 +++ gnupg/g10/ChangeLog Wed May 11 21:31:53 2005 
@@ -1,3 +1,20 @@ +2005-05-11 David Shaw + + * keygen.c (write_selfsigs): Rename from write_selfsig. Write the + same selfsig into both the pk and sk, so that someone importing + their sk (which will get an autoconvert to the pk) won't end up + with two selfsigs. + (do_generate_keypair): Call it from here. + + * parse-packet.c (can_handle_critical_notation): New. Check for + particular notation tags that we will accept when critical. + Currently, that's only preferred-email-encoding@pgp.com, since we + know how to handle it (pass it through to a mail program). + (can_handle_critical): Call it from here. + (parse_one_sig_subpkt): Sanity check that notations are + well-formed in that the internal lengths add up to the size of the + subpacket. + 2005-05-07 Werner Koch * ccid-driver.c (do_close_reader): Don't do a reset before close. Index: gnupg/g10/keygen.c diff -u gnupg/g10/keygen.c:1.152 gnupg/g10/keygen.c:1.153 --- gnupg/g10/keygen.c:1.152 Fri May 6 21:25:19 2005 +++ gnupg/g10/keygen.c Wed May 11 21:31:53 2005 @@ -882,8 +882,8 @@ } static int -write_selfsig( KBNODE root, KBNODE pub_root, PKT_secret_key *sk, - unsigned int use ) +write_selfsigs( KBNODE sec_root, KBNODE pub_root, PKT_secret_key *sk, + unsigned int use ) { PACKET *pkt; PKT_signature *sig; @@ -896,7 +896,7 @@ log_info(_("writing self signature\n")); /* get the uid packet from the list */ - node = find_kbnode( root, PKT_USER_ID ); + node = find_kbnode( pub_root, PKT_USER_ID ); if( !node ) BUG(); /* no user id packet in tree */ uid = node->pkt->pkt.user_id; @@ -921,7 +921,12 @@ pkt = m_alloc_clear( sizeof *pkt ); pkt->pkttype = PKT_SIGNATURE; pkt->pkt.signature = sig; - add_kbnode( root, new_kbnode( pkt ) ); + add_kbnode( sec_root, new_kbnode( pkt ) ); + + pkt = m_alloc_clear( sizeof *pkt ); + pkt->pkttype = PKT_SIGNATURE; + pkt->pkt.signature = copy_signature(NULL,sig); + add_kbnode( pub_root, new_kbnode( pkt ) ); return rc; } 
@@ -2848,17 +2853,16 @@ write_direct_sig(sec_root,pub_root,pri_sk,revkey); } - if( !rc && (s=get_parameter_value(para, pUSERID)) ) { + if( !rc && (s=get_parameter_value(para, pUSERID)) ) + { write_uid(pub_root, s ); if( !rc ) - write_uid(sec_root, s ); - if( !rc ) - rc = write_selfsig(pub_root, pub_root, pri_sk, - get_parameter_uint (para, pKEYUSAGE)); + write_uid(sec_root, s ); + if( !rc ) - rc = write_selfsig(sec_root, pub_root, pri_sk, - get_parameter_uint (para, pKEYUSAGE)); - } + rc = write_selfsigs(sec_root, pub_root, pri_sk, + get_parameter_uint (para, pKEYUSAGE)); + } /* Write the auth key to the card before the encryption key. This is a partial workaround for a PGP bug (as of this writing, all Index: gnupg/g10/parse-packet.c diff -u gnupg/g10/parse-packet.c:1.115 gnupg/g10/parse-packet.c:1.116 --- gnupg/g10/parse-packet.c:1.115 Thu Feb 3 10:32:53 2005 +++ gnupg/g10/parse-packet.c Wed May 11 21:31:53 2005 @@ -1,6 +1,6 @@ /* parse-packet.c - read packets - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, - * 2004, 2005 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, + * 2005 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -1016,7 +1016,10 @@ break; return 0; case SIGSUBPKT_NOTATION: - if( n < 8 ) /* minimum length needed */ + /* minimum length needed, and the subpacket must be well-formed + where the name length and value length all fit inside the + packet. */ + if(n<8 || 8+((buffer[4]<<8)|buffer[5])+((buffer[6]<<8)|buffer[7]) != n) break; return 0; case SIGSUBPKT_PRIMARY_UID: @@ -1032,6 +1035,15 @@ return -2; } +/* Not many critical notations we understand yet... */ +static int +can_handle_critical_notation(const byte *name,size_t len) +{ + if(len==32 && memcmp(name,"preferred-email-encoding@pgp.com",32)==0) + return 1; + + return 0; +} static int can_handle_critical( const byte *buffer, size_t n, int type ) 
@@ -1039,10 +1051,10 @@ switch( type ) { case SIGSUBPKT_NOTATION: - if( n >= 8 && (*buffer & 0x80) ) - return 1; /* human readable is handled */ - return 0; - + if(n>=8) + return can_handle_critical_notation(buffer+8,(buffer[4]<<8)|buffer[5]); + else + return 0; case SIGSUBPKT_SIGNATURE: case SIGSUBPKT_SIG_CREATED: case SIGSUBPKT_SIG_EXPIRE: From cvs at cvs.gnupg.org Fri May 13 14:18:44 2005 From: cvs at cvs.gnupg.org (cvs user wk) Date: Fri May 13 14:18:46 2005 Subject: GNUPG-1-9-BRANCH gnupg/common (ChangeLog signal.c) Message-ID: Date: Friday, May 13, 2005 @ 14:37:52 Author: wk Path: /cvs/gnupg/gnupg/common Tag: GNUPG-1-9-BRANCH Modified: ChangeLog signal.c (got_fatal_signal): Print the signal number if we can't get a name for it. (get_signal_name): Return NULL if no name is available. -----------+ ChangeLog | 6 ++++++ signal.c | 39 +++++++++++++++++++++++++++++++++------ 2 files changed, 39 insertions(+), 6 deletions(-) Index: gnupg/common/ChangeLog diff -u gnupg/common/ChangeLog:1.30.2.48 gnupg/common/ChangeLog:1.30.2.49 --- gnupg/common/ChangeLog:1.30.2.48 Mon Apr 18 12:44:45 2005 +++ gnupg/common/ChangeLog Fri May 13 14:37:52 2005 @@ -1,3 +1,9 @@ +2005-05-13 Werner Koch + + * signal.c (got_fatal_signal): Print the signal number if we can't + get a name for it. + (get_signal_name): Return NULL if no name is available. + 2005-04-17 Werner Koch * sexputil.c (cmp_simple_canon_sexp): New. Index: gnupg/common/signal.c diff -u gnupg/common/signal.c:1.2.2.1 gnupg/common/signal.c:1.2.2.2 --- gnupg/common/signal.c:1.2.2.1 Tue Dec 21 11:03:00 2004 +++ gnupg/common/signal.c Fri May 13 14:37:52 2005 @@ -1,5 +1,6 @@ /* signal.c - signal handling - * Copyright (C) 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, + * 2005 Free Software Foundation, Inc. * * This file is part of GnuPG. * 
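Review bot: In can_handle_critical the name length `(buffer[4]<<8)|buffer[5]` is taken from the subpacket and passed on without being compared with n, so when it equals 32 the `memcmp` in can_handle_critical_notation reads 32 bytes from `buffer+8` even if the subpacket is shorter than 40 bytes. The well-formedness check added to parse_one_sig_subpkt would reject such a subpacket, but whether it always runs before can_handle_critical is not visible in this diff. Make the guard self-contained with `if(n>=8 && 8+((buffer[4]<<8)|buffer[5])<=n)`. The new code also stops testing the human-readable flag `(*buffer & 0x80)`; a one-line comment stating that this is intended would help, and the function continues outside the hunk.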
@@ -73,10 +74,12 @@ static const char * get_signal_name( int signum ) { + /* Note that we can't use strsignal(), because it is not + reentrant. */ #if defined(SYS_SIGLIST_DECLARED) && defined(NSIG) return (signum >= 0 && signum < NSIG) ? sys_siglist[signum] : "?"; #else - return "some signal"; + return NULL; #endif } #endif /*!HAVE_DOSISH_SYSTEM*/ @@ -93,19 +96,43 @@ if (cleanup_fnc) cleanup_fnc (); - /* better don't translate these messages */ + /* Better don't translate these messages. */ write (2, "\n", 1 ); s = log_get_prefix (NULL); if (s) write(2, s, strlen (s)); write (2, ": ", 2 ); s = get_signal_name(sig); - write (2, s, strlen(s) ); + if (s) + write (2, s, strlen(s) ); + else + { + /* We are in a signal handler so we can't use any kind of printf + even not sprintf. USe a straightforward algorithm. */ + write (2, "signal ", 7 ); + if (sig < 0 || sig >= 100000) + write (2, "?", 1); + else + { + int i, any=0; + + for (i=10000; i; i /= 10) + { + if (sig >= i || ((any || i==1) && !(sig/i))) + { + write (2, "0123456789"+(sig/i), 1); + if ((sig/i)) + any = 1; + sig %= i; + } + } + } + } write (2, " caught ... exiting\n", 20); - /* reset action to default action and raise signal again */ + /* Reset action to default action and raise signal again */ init_one_signal (sig, SIG_DFL, 0); - /* fixme: remove_lockfiles ();*/ + /* Fixme: remove_lockfiles ();*/ #ifdef __riscos__ close_fds (); #endif /* __riscos__ */ From cvs at cvs.gnupg.org Fri May 13 14:23:56 2005 
From: cvs at cvs.gnupg.org (cvs user wk) Date: Fri May 13 14:24:01 2005 Subject: GNUPG-1-9-BRANCH gnupg/common (ChangeLog signal.c) Message-ID: Date: Friday, May 13, 2005 @ 14:43:07 Author: wk Path: /cvs/gnupg/gnupg/common Tag: GNUPG-1-9-BRANCH Modified: ChangeLog signal.c (got_fatal_signal): Print the signal number if we can't get a name for it. (get_signal_name): Return NULL if no name is available. Fixed conditional for sys_siglist to the correct one. -----------+ ChangeLog | 3 ++- signal.c | 5 ++--- 2 files changed, 4 insertions(+), 4 deletions(-) Index: gnupg/common/ChangeLog diff -u gnupg/common/ChangeLog:1.30.2.49 gnupg/common/ChangeLog:1.30.2.50 --- gnupg/common/ChangeLog:1.30.2.49 Fri May 13 14:37:52 2005 +++ gnupg/common/ChangeLog Fri May 13 14:43:07 2005 @@ -2,7 +2,8 @@ * signal.c (got_fatal_signal): Print the signal number if we can't get a name for it. - (get_signal_name): Return NULL if no name is available. + (get_signal_name): Return NULL if no name is available. Fixed + conditional for sys_siglist to the correct one. 2005-04-17 Werner Koch Index: gnupg/common/signal.c diff -u gnupg/common/signal.c:1.2.2.2 gnupg/common/signal.c:1.2.2.3 --- gnupg/common/signal.c:1.2.2.2 Fri May 13 14:37:52 2005 +++ gnupg/common/signal.c Fri May 13 14:43:07 2005 @@ -76,7 +76,7 @@ { /* Note that we can't use strsignal(), because it is not reentrant. */ -#if defined(SYS_SIGLIST_DECLARED) && defined(NSIG) +#if defined(HAVE_DECL_SYS_SIGLIST) && defined(NSIG) return (signum >= 0 && signum < NSIG) ? sys_siglist[signum] : "?"; #else return NULL; @@ -101,7 +101,7 @@ s = log_get_prefix (NULL); if (s) write(2, s, strlen (s)); - write (2, ": ", 2 ); + write (2, ": signal ", 9 ); s = get_signal_name(sig); if (s) write (2, s, strlen(s) ); 
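Review bot: `#if defined(HAVE_DECL_SYS_SIGLIST) && defined(NSIG)` in get_signal_name tests whether the macro is defined, not its value. If the macro comes from autoconf's AC_CHECK_DECLS (the configure script is not part of this diff), it is defined as 0 when the declaration is missing, so the `sys_siglist[signum]` branch would still be compiled on systems that lack it. Use `#if HAVE_DECL_SYS_SIGLIST && defined(NSIG)` instead. The out-of-range case in that branch still returns "?" rather than NULL, so the numeric fallback in got_fatal_signal is never used for it.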
@@ -109,7 +109,6 @@ { /* We are in a signal handler so we can't use any kind of printf even not sprintf. USe a straightforward algorithm. */ - write (2, "signal ", 7 ); if (sig < 0 || sig >= 100000) write (2, "?", 1); else From cvs at cvs.gnupg.org Sat May 14 04:19:20 2005 From: cvs at cvs.gnupg.org (cvs user dshaw) Date: Sat May 14 04:19:25 2005 Subject: gnupg/g10 (ChangeLog build-packet.c export.c g10.c options.h) Message-ID: Date: Saturday, May 14, 2005 @ 04:38:31 Author: dshaw Path: /cvs/gnupg/gnupg/g10 Modified: ChangeLog build-packet.c export.c g10.c options.h * build-packet.c (do_comment): Removed. (build_packet): Ignore comment packets. * export.c (do_export_stream): Don't export comment packets any longer. * options.h, g10.c (main): Remove --sk-comments and --no-sk-comments options, and replace with no-op. ----------------+ ChangeLog | 11 +++++++++++ build-packet.c | 45 +++++++++++++++++++-------------------------- export.c | 12 +++++++----- g10.c | 13 ++++--------- options.h | 1 - 5 files changed, 41 insertions(+), 41 deletions(-) Index: gnupg/g10/ChangeLog diff -u gnupg/g10/ChangeLog:1.735 gnupg/g10/ChangeLog:1.736 --- gnupg/g10/ChangeLog:1.735 Wed May 11 21:31:53 2005 +++ gnupg/g10/ChangeLog Sat May 14 04:38:31 2005 @@ -1,3 +1,14 @@ +2005-05-13 David Shaw + + * build-packet.c (do_comment): Removed. + (build_packet): Ignore comment packets. + + * export.c (do_export_stream): Don't export comment packets any + longer. + + * options.h, g10.c (main): Remove --sk-comments and + --no-sk-comments options, and replace with no-op. + 2005-05-11 David Shaw * keygen.c (write_selfsigs): Rename from write_selfsig. Write the Index: gnupg/g10/build-packet.c diff -u gnupg/g10/build-packet.c:1.90 gnupg/g10/build-packet.c:1.91 --- gnupg/g10/build-packet.c:1.90 Wed Dec 22 18:49:44 2004 +++ gnupg/g10/build-packet.c Sat May 14 04:38:31 2005 
@@ -1,6 +1,6 @@ /* build-packet.c - assemble packets and write them - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, - * 2004 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, + * 2005 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -34,8 +34,6 @@ #include "memory.h" #include "options.h" - -static int do_comment( IOBUF out, int ctb, PKT_comment *rem ); static int do_user_id( IOBUF out, int ctb, PKT_user_id *uid ); static int do_public_key( IOBUF out, int ctb, PKT_public_key *pk ); static int do_secret_key( IOBUF out, int ctb, PKT_secret_key *pk ); @@ -74,30 +72,38 @@ log_debug("build_packet() type=%d\n", pkt->pkttype ); assert( pkt->pkt.generic ); - switch( (pkttype = pkt->pkttype) ) { - case PKT_OLD_COMMENT: pkttype = pkt->pkttype = PKT_COMMENT; break; + switch( (pkttype = pkt->pkttype) ) + { case PKT_PLAINTEXT: new_ctb = pkt->pkt.plaintext->new_ctb; break; case PKT_ENCRYPTED: case PKT_ENCRYPTED_MDC: new_ctb = pkt->pkt.encrypted->new_ctb; break; case PKT_COMPRESSED:new_ctb = pkt->pkt.compressed->new_ctb; break; case PKT_USER_ID: - if( pkt->pkt.user_id->attrib_data ) - pkttype = PKT_ATTRIBUTE; - break; + if( pkt->pkt.user_id->attrib_data ) + pkttype = PKT_ATTRIBUTE; + break; default: break; - } + } if( new_ctb || pkttype > 15 ) /* new format */ ctb = 0xc0 | (pkttype & 0x3f); else ctb = 0x80 | ((pkttype & 15)<<2); - switch( pkttype ) { + switch( pkttype ) + { case PKT_ATTRIBUTE: case PKT_USER_ID: rc = do_user_id( out, ctb, pkt->pkt.user_id ); break; + case PKT_OLD_COMMENT: case PKT_COMMENT: - rc = do_comment( out, ctb, pkt->pkt.comment ); + /* + Ignore these. Theoretically, this will never be called as + we have no way to output comment packets any longer, but + just in case there is some code path that would end up + outputting a comment that was written before comments were + dropped (in the public key?) this is a no-op. + */ break; case PKT_PUBLIC_SUBKEY: case PKT_PUBLIC_KEY: 
@@ -137,7 +143,7 @@ default: log_bug("invalid packet type in build_packet()\n"); break; - } + } return rc; } @@ -190,19 +196,6 @@ } } - -static int -do_comment( IOBUF out, int ctb, PKT_comment *rem ) -{ - if( opt.sk_comments ) - { - write_header2(out, ctb, rem->len, 2); - if( iobuf_write( out, rem->data, rem->len ) ) - return G10ERR_WRITE_FILE; - } - return 0; -} - static int do_user_id( IOBUF out, int ctb, PKT_user_id *uid ) { Index: gnupg/g10/export.c diff -u gnupg/g10/export.c:1.45 gnupg/g10/export.c:1.46 --- gnupg/g10/export.c:1.45 Sat Jan 1 22:21:11 2005 +++ gnupg/g10/export.c Sat May 14 04:38:31 2005 @@ -240,10 +240,11 @@ continue; } - /* don't export any comment packets but those in the - * secret keyring */ - if( !secret && node->pkt->pkttype == PKT_COMMENT ) - continue; + /* We used to use comment packets, but not any longer. In + case we still have comments on a key, strip them here + before we call build_packet(). */ + if( node->pkt->pkttype == PKT_COMMENT ) + continue; /* make sure that ring_trust packets never get exported */ if (node->pkt->pkttype == PKT_RING_TRUST) @@ -335,7 +336,8 @@ || node->pkt->pkt.signature->keyid[1]!=keyid[1])) continue; - /* do not export packets which are marked as not exportable */ + /* do not export packets which are marked as not + exportable */ if(!(options&EXPORT_LOCAL_SIGS) && !node->pkt->pkt.signature->flags.exportable) continue; /* not exportable */ Index: gnupg/g10/g10.c diff -u gnupg/g10/g10.c:1.303 gnupg/g10/g10.c:1.304 --- gnupg/g10/g10.c:1.303 Fri May 6 21:25:19 2005 +++ gnupg/g10/g10.c Sat May 14 04:38:31 2005 @@ -187,8 +187,6 @@ oStatusFile, oAttributeFD, oAttributeFile, - oSKComments, - oNoSKComments, oEmitVersion, oNoEmitVersion, oCompletesNeeded, @@ -347,6 +345,7 @@ oEnableProgressFilter, oMultifile, oKeyidFormat, + oNoop, oReaderPort, octapiDriver, 
@@ -496,8 +495,8 @@ { oStatusFile, "status-file" ,2, "@"}, { oAttributeFD, "attribute-fd" ,1, "@" }, { oAttributeFile, "attribute-file" ,2, "@" }, - { oNoSKComments, "no-sk-comments", 0, "@"}, - { oSKComments, "sk-comments", 0, "@"}, + { oNoop, "sk-comments", 0, "@"}, + { oNoop, "no-sk-comments", 0, "@"}, { oCompletesNeeded, "completes-needed", 1, "@"}, { oMarginalsNeeded, "marginals-needed", 1, "@"}, { oMaxCertDepth, "max-cert-depth", 1, "@" }, @@ -2030,8 +2029,6 @@ case oNoVerbose: g10_opt_verbose = 0; opt.verbose = 0; opt.list_sigs=0; break; case oQuickRandom: quick_random_gen(1); break; - case oSKComments: opt.sk_comments=1; break; - case oNoSKComments: opt.sk_comments=0; break; case oEmitVersion: opt.no_version=0; break; case oNoEmitVersion: opt.no_version=1; break; case oCompletesNeeded: opt.completes_needed = pargs.r.ret_int; break; @@ -2544,6 +2541,7 @@ else log_error("unknown keyid-format `%s'\n",pargs.r.ret_str); break; + case oNoop: break; default : pargs.err = configfp? 1:2; break; } @@ -2705,7 +2703,6 @@ else { opt.force_v4_certs = 0; - opt.sk_comments = 0; opt.escape_from = 1; opt.force_v3_sigs = 1; opt.pgp2_workarounds = 1; @@ -2720,14 +2717,12 @@ } else if(PGP6) { - opt.sk_comments=0; opt.escape_from=1; opt.force_v3_sigs=1; opt.ask_sig_expire=0; } else if(PGP7) { - opt.sk_comments=0; opt.escape_from=1; opt.force_v3_sigs=1; opt.ask_sig_expire=0; Index: gnupg/g10/options.h diff -u gnupg/g10/options.h:1.137 gnupg/g10/options.h:1.138 --- gnupg/g10/options.h:1.137 Fri May 6 00:08:37 2005 +++ gnupg/g10/options.h Sat May 14 04:38:31 2005 @@ -80,7 +80,6 @@ int def_cert_level; int min_cert_level; int ask_cert_level; - int sk_comments; int no_version; int marginals_needed; int completes_needed; From cvs at cvs.gnupg.org Sat May 14 04:35:56 2005 
From: cvs at cvs.gnupg.org (cvs user dshaw) Date: Sat May 14 04:36:01 2005 Subject: gnupg/doc (ChangeLog gpg.sgml) Message-ID: Date: Saturday, May 14, 2005 @ 04:55:10 Author: dshaw Path: /cvs/gnupg/gnupg/doc Modified: ChangeLog gpg.sgml * gpg.sgml: Document --default-sig-expire and --default-cert-expire, remove --sk-comments and --no-sk-comments, and clarify the form of a non-IETF notation for --sig-notation and --cert-notation. -----------+ ChangeLog | 7 ++++++ gpg.sgml | 67 +++++++++++++++++++++++++++++++++++------------------------- 2 files changed, 47 insertions(+), 27 deletions(-) Index: gnupg/doc/ChangeLog diff -u gnupg/doc/ChangeLog:1.100 gnupg/doc/ChangeLog:1.101 --- gnupg/doc/ChangeLog:1.100 Thu May 5 14:39:36 2005 +++ gnupg/doc/ChangeLog Sat May 14 04:55:10 2005 @@ -1,3 +1,10 @@ +2005-05-13 David Shaw + + * gpg.sgml: Document --default-sig-expire and + --default-cert-expire, remove --sk-comments and --no-sk-comments, + and clarify the form of a non-IETF notation for --sig-notation and + --cert-notation. + 2005-05-05 David Shaw * gpg.sgml: Clarify --min-cert-level a bit. Index: gnupg/doc/gpg.sgml diff -u gnupg/doc/gpg.sgml:1.82 gnupg/doc/gpg.sgml:1.83 --- gnupg/doc/gpg.sgml:1.82 Thu May 5 14:39:36 2005 +++ gnupg/doc/gpg.sgml Sat May 14 04:55:10 2005 @@ -1,6 +1,6 @@